Windows Analysis Report
ghumRvJGY9.exe

Overview

General Information

Sample name: ghumRvJGY9.exe (renamed because original name is a hash value)
Original sample name: 89b4b96d1edc5252b78c1938de98d5d3.exe
Analysis ID: 1580913
MD5: 89b4b96d1edc5252b78c1938de98d5d3
SHA1: ce73038e1d3f9d6f0aa09fee0e6017814e8d1020
SHA256: e8831b78205d6e0e8774f902ad4bffbad701c0d6b67ec4398b9fec765dbba2af
Tags: exe user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ghumRvJGY9.exe (PID: 2096 cmdline: "C:\Users\user\Desktop\ghumRvJGY9.exe" MD5: 89B4B96D1EDC5252B78C1938DE98D5D3)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["wordyfindy.lat", "shapestickyr.lat", "bashfulacid.lat", "observerfry.lat", "tentabatte.lat", "slipperyloo.lat", "talkynicer.lat", "manyrestro.lat", "curverpluch.lat"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-26T13:07:52.104952+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49708 | 104.102.49.254 | 443 | TCP
    2024-12-26T13:07:50.136805+0100 | 2058480 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59817 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:49.659764+0100 | 2058484 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 50099 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:48.897561+0100 | 2058492 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 54531 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:49.209467+0100 | 2058500 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49238 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:48.615292+0100 | 2058502 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55777 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:49.433161+0100 | 2058510 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 52164 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:49.911129+0100 | 2058512 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 62763 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:48.347159+0100 | 2058514 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 53978 | 1.1.1.1 | 53 | UDP
    2024-12-26T13:07:52.946924+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49708 | 104.102.49.254 | 443 | TCP

    AV Detection

    Source: ghumRvJGY9.exe, Avira: detected
    Source: https://tentabatte.lat/api, Avira URL Cloud: Label: malware
    Source: https://bashfulacid.lat:443/api, Avira URL Cloud: Label: malware
    Source: ghumRvJGY9.exe.2096.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["wordyfindy.lat", "shapestickyr.lat", "bashfulacid.lat", "observerfry.lat", "tentabatte.lat", "slipperyloo.lat", "talkynicer.lat", "manyrestro.lat", "curverpluch.lat"], "Build id": "PsFKDg--pablo"}
    Source: ghumRvJGY9.exe, ReversingLabs: Detection: 65%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: ghumRvJGY9.exe, Joe Sandbox ML: detected
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: Workgroup: -
    Source: 00000000.00000003.2131209110.0000000004D30000.00000004.00001000.00020000.00000000.sdmp, String decryptor: PsFKDg--pablo
    Source: ghumRvJGY9.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49708 version: TLS 1.2

    Networking

    Source: Network traffic, Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.6:50099 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.6:55777 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.6:49238 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.6:59817 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.6:52164 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.6:62763 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.6:53978 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.6:54531 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49708 -> 104.102.49.254:443
    Source: Joe Sandbox View, IP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49708 -> 104.102.49.254:443
    Source: global traffic, HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1, Connection: Keep-Alive, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, Host: steamcommunity.com
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184278585.0000000001112000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/0
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184278585.00000000010FF000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185217236.0000000001100000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185143180.00000000010DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: ghumRvJGY9.exe, 00000000.00000003.2184278585.0000000001112000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185143180.00000000010DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tentabatte.lat/api
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49708 version: TLS 1.2

    System Summary

    Source: ghumRvJGY9.exe | Static PE information: section name:
    Source: ghumRvJGY9.exe | Static PE information: section name: .idata
    Source: ghumRvJGY9.exe | Static PE information: section name:
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006968510_2_00696851
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D082F0_2_006D082F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064C83E0_2_0064C83E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066E8010_2_0066E801
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0079A8070_2_0079A807
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006448E20_2_006448E2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006648ED0_2_006648ED
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C28E70_2_006C28E7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064A8D30_2_0064A8D3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007228C80_2_007228C8
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006568AB0_2_006568AB
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006088B00_2_006088B0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006328870_2_00632887
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007188990_2_00718899
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065A8900_2_0065A890
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006908930_2_00690893
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005EC8A00_2_005EC8A0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006BC97A0_2_006BC97A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006749480_2_00674948
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FE95F0_2_006FE95F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CC95C0_2_006CC95C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DC9500_2_006DC950
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005EE9600_2_005EE960
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F69100_2_005F6910
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B691E0_2_006B691E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006809160_2_00680916
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006109E00_2_006109E0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A29E90_2_006A29E9
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067A9ED0_2_0067A9ED
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A09E60_2_006A09E6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006469F50_2_006469F5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064E9F70_2_0064E9F7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FA9F60_2_006FA9F6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CE9F60_2_006CE9F6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FC9EB0_2_005FC9EB
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007869CC0_2_007869CC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006889D30_2_006889D3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064C9A40_2_0064C9A4
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B29A60_2_006B29A6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006EE9B80_2_006EE9B8
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006709BF0_2_006709BF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071A9960_2_0071A996
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006AA99D0_2_006AA99D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E69900_2_006E6990
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E2A640_2_006E2A64
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0060CA400_2_0060CA40
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070AA510_2_0070AA51
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00648A470_2_00648A47
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00650A500_2_00650A50
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00664A5F0_2_00664A5F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006ECA260_2_006ECA26
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00716A250_2_00716A25
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068AA000_2_0068AA00
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00686A030_2_00686A03
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066CA080_2_0066CA08
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00704A1E0_2_00704A1E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00696AD80_2_00696AD8
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A6AA90_2_006A6AA9
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00636AB10_2_00636AB1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CAABF0_2_006CAABF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F8ABC0_2_005F8ABC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00694A860_2_00694A86
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F2A940_2_006F2A94
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FCA930_2_006FCA93
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00794A860_2_00794A86
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F6B7F0_2_006F6B7F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00698B720_2_00698B72
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005DAB400_2_005DAB40
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00652B470_2_00652B47
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065CB460_2_0065CB46
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00630B590_2_00630B59
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005E8B1B0_2_005E8B1B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066AB2E0_2_0066AB2E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068EB200_2_0068EB20
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00726B270_2_00726B27
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00680BFA0_2_00680BFA
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A8BC10_2_006A8BC1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071CBDF0_2_0071CBDF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FEBD80_2_006FEBD8
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00634BDD0_2_00634BDD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DCBB70_2_006DCBB7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005EEB800_2_005EEB80
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F4BB00_2_006F4BB0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068CB890_2_0068CB89
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CEB840_2_006CEB84
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069CB860_2_0069CB86
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069EB9C0_2_0069EB9C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005D4BA00_2_005D4BA0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0072AC630_2_0072AC63
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B0C410_2_006B0C41
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070CC5B0_2_0070CC5B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00714C460_2_00714C46
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00724C360_2_00724C36
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006AAC100_2_006AAC10
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00634CED0_2_00634CED
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D4CCD0_2_006D4CCD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00674CC20_2_00674CC2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E0CC00_2_006E0CC0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066ECDE0_2_0066ECDE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D2CD20_2_006D2CD2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00662CA50_2_00662CA5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067ECA90_2_0067ECA9
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00722CA00_2_00722CA0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069ACBC0_2_0069ACBC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071EC930_2_0071EC93
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065AC810_2_0065AC81
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D8C9E0_2_006D8C9E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00702C8A0_2_00702C8A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B6C900_2_006B6C90
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005E4CA00_2_005E4CA0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FCD5E0_2_005FCD5E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FCD4C0_2_005FCD4C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00706D6A0_2_00706D6A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006BAD740_2_006BAD74
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00644D4E0_2_00644D4E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00720D580_2_00720D58
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00718D5D0_2_00718D5D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C2D430_2_006C2D43
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F0D5C0_2_006F0D5C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00610D200_2_00610D20
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00642D2C0_2_00642D2C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00692D3C0_2_00692D3C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00694D3E0_2_00694D3E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00658D0C0_2_00658D0C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00704D1C0_2_00704D1C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063CD0C0_2_0063CD0C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F6D2E0_2_005F6D2E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006EAD1A0_2_006EAD1A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006ACD130_2_006ACD13
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00686DE00_2_00686DE0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A6DE20_2_006A6DE2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E2DE70_2_006E2DE7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0060CDF00_2_0060CDF0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00672DFF0_2_00672DFF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CCDC00_2_006CCDC0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064EDDE0_2_0064EDDE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00640DA60_2_00640DA6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00632DA90_2_00632DA9
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F8DB60_2_006F8DB6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CAD890_2_006CAD89
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DED970_2_006DED97
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E4E630_2_006E4E63
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00664E730_2_00664E73
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A2E7F0_2_006A2E7F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E0E4B0_2_006E0E4B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F2E6D0_2_005F2E6D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F0E6C0_2_005F0E6C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0074AE480_2_0074AE48
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FEE630_2_005FEE63
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00688E3B0_2_00688E3B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066CE320_2_0066CE32
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00668E3F0_2_00668E3F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F6E0F0_2_006F6E0F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00656E000_2_00656E00
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A4E000_2_006A4E00
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C6E190_2_006C6E19
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00678EE20_2_00678EE2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064CEEE0_2_0064CEEE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A0EE60_2_006A0EE6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CAEFD0_2_006CAEFD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00650EF20_2_00650EF2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068CEC00_2_0068CEC0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00690EC50_2_00690EC5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00608EA00_2_00608EA0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00726EB00_2_00726EB0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00708EA90_2_00708EA9
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00646E810_2_00646E81
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005D2EB00_2_005D2EB0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005EAEB00_2_005EAEB0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00644E900_2_00644E90
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00662F630_2_00662F63
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C4F6A0_2_006C4F6A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005E6F520_2_005E6F52
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066AF7E0_2_0066AF7E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00660F270_2_00660F27
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E8F3D0_2_006E8F3D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00700F120_2_00700F12
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00710F190_2_00710F19
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DCF070_2_006DCF07
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00718F070_2_00718F07
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00676FEE0_2_00676FEE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A8FE50_2_006A8FE5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068AFFF0_2_0068AFFF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F4FC80_2_006F4FC8
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00664FCB0_2_00664FCB
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067EFDF0_2_0067EFDF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CEFAB0_2_006CEFAB
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070EFAF0_2_0070EFAF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00630F820_2_00630F82
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069CF8A0_2_0069CF8A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_00658F8E0_2_00658F8E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064AF950_2_0064AF95
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070D0770_2_0070D077
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006390790_2_00639079
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065D0410_2_0065D041
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B702C0_2_006B702C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006AF0250_2_006AF025
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065B0370_2_0065B037
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0066F03E0_2_0066F03E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067D03F0_2_0067D03F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063F03A0_2_0063F03A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067503B0_2_0067503B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005ED0030_2_005ED003
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006670020_2_00667002
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007290190_2_00729019
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005DD0210_2_005DD021
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FF0100_2_006FF010
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071500E0_2_0071500E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006490ED0_2_006490ED
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DF0E60_2_006DF0E6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006930FD0_2_006930FD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D90F50_2_006D90F5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006990B10_2_006990B1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0079D0880_2_0079D088
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B909E0_2_006B909E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FD0920_2_006FD092
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006AD1790_2_006AD179
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C717B0_2_006C717B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CD14C0_2_006CD14C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D51470_2_006D5147
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B512A0_2_006B512A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006AB1320_2_006AB132
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006371380_2_00637138
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068310E0_2_0068310E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007171F30_2_007171F3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068F1E40_2_0068F1E4
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007291C00_2_007291C0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006D91D40_2_006D91D4
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007131CD0_2_007131CD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065B1A20_2_0065B1A2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067F1A00_2_0067F1A0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0060F18B0_2_0060F18B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063518D0_2_0063518D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F91AE0_2_005F91AE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071D1870_2_0071D187
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A326F0_2_006A326F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006ED27E0_2_006ED27E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006872400_2_00687240
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006732340_2_00673234
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F123B0_2_006F123B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007232040_2_00723204
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005E12270_2_005E1227
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068D2EC0_2_0068D2EC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A12E50_2_006A12E5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006612F70_2_006612F7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006572C20_2_006572C2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064D2DE0_2_0064D2DE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007192B30_2_007192B3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007112BE0_2_007112BE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065D2B10_2_0065D2B1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063B2B50_2_0063B2B5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006092800_2_00609280
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006BF28B0_2_006BF28B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E12870_2_006E1287
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006472880_2_00647288
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FD34A0_2_005FD34A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064B37E0_2_0064B37E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F13400_2_005F1340
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007033510_2_00703351
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005FF3770_2_005FF377
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006E935B0_2_006E935B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005D93100_2_005D9310
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006913270_2_00691327
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0072B3250_2_0072B325
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006593390_2_00659339
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069530F0_2_0069530F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0072731C0_2_0072731C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006EF31A0_2_006EF31A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007113F50_2_007113F5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005D73D00_2_005D73D0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071B3E40_2_0071B3E4
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005DF3C00_2_005DF3C0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0067D3CE0_2_0067D3CE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007073C20_2_007073C2
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C93AC0_2_006C93AC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CF3AC0_2_006CF3AC
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069D3A30_2_0069D3A3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0068B3B70_2_0068B3B7
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006FB38E0_2_006FB38E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006813840_2_00681384
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006493950_2_00649395
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069B46B0_2_0069B46B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007B946A0_2_007B946A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005F74400_2_005F7440
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005E747D0_2_005E747D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006BD45D0_2_006BD45D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063F4210_2_0063F421
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070D4390_2_0070D439
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071543A0_2_0071543A
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006774280_2_00677428
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006994390_2_00699439
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0069743C0_2_0069743C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A943C0_2_006A943C
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0070F4160_2_0070F416
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006C341D0_2_006C341D
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B741E0_2_006B741E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007154E00_2_007154E0
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_005DD4F30_2_005DD4F3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DB4D50_2_006DB4D5
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006434AD0_2_006434AD
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006934870_2_00693487
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006DF4980_2_006DF498
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007054860_2_00705486
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B54950_2_006B5495
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0072157E0_2_0072157E
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0064556B0_2_0064556B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006B95640_2_006B9564
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006F95450_2_006F9545
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006375520_2_00637552
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065F52F0_2_0065F52F
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006895340_2_00689534
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006BF5150_2_006BF515
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006695E60_2_006695E6
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A75EE0_2_006A75EE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007915E30_2_007915E3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0071D5EE0_2_0071D5EE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0079B5DF0_2_0079B5DF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006515C30_2_006515C3
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0063D5CF0_2_0063D5CF
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006A35DB0_2_006A35DB
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007095B10_2_007095B1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_007135850_2_00713585
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006775920_2_00677592
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_0065359B0_2_0065359B
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeCode function: 0_2_006CB5920_2_006CB592
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Code function: String function: 005E4C90 appears 77 times
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Code function: String function: 005D7F60 appears 40 times
    Source: ghumRvJGY9.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: ghumRvJGY9.exe, Static PE information: Section: ZLIB complexity 0.9994957618464052
    Source: ghumRvJGY9.exe, Static PE information: Section: ndzknjyx ZLIB complexity 0.9947192845143555
    Source: classification engine, Classification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Code function: 0_2_00602070 CoCreateInstance
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: ghumRvJGY9.exe, ReversingLabs: Detection: 65%
    Source: ghumRvJGY9.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, File read: C:\Users\user\Desktop\ghumRvJGY9.exe
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: webio.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe, Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Section loaded: dpapi.dll
    Source: ghumRvJGY9.exe Static file information: File size 1848320 > 1048576
    Source: ghumRvJGY9.exe Static PE information: Raw size of ndzknjyx is bigger than: 0x100000 < 0x199400

    Data Obfuscation

    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Unpacked PE file: 0.2.ghumRvJGY9.exe.5d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndzknjyx:EW;xgvuhuxm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ndzknjyx:EW;xgvuhuxm:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: ghumRvJGY9.exe Static PE information: real checksum: 0x1d27c0 should be: 0x1ce3e4
    Source: ghumRvJGY9.exe Static PE information: section name:
    Source: ghumRvJGY9.exe Static PE information: section name: .idata
    Source: ghumRvJGY9.exe Static PE information: section name:
    Source: ghumRvJGY9.exe Static PE information: section name: ndzknjyx
    Source: ghumRvJGY9.exe Static PE information: section name: xgvuhuxm
    Source: ghumRvJGY9.exe Static PE information: section name: .taggant
    Source: ghumRvJGY9.exe Static PE information: section name: entropy: 7.978734653117064
    Source: ghumRvJGY9.exe Static PE information: section name: ndzknjyx entropy: 7.9533485247893845

    Boot Survival

    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Window searched: window name: Regmonclass
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Window searched: window name: Filemonclass

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\ghumRvJGY9.exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7DC939 second address: 7DC970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FF35CC4D6F9h 0x0000000a jmp 00007FF35CC4D6F5h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7DC970 second address: 7DC98D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF35CC5EA95h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7DC98D second address: 7DC991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7DE73F second address: 7DE7A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC5EA92h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jmp 00007FF35CC5EA90h 0x00000010 nop 0x00000011 xor edi, dword ptr [ebp+122D3604h] 0x00000017 push 00000000h 0x00000019 js 00007FF35CC5EA8Ch 0x0000001f mov dword ptr [ebp+122D2E30h], eax 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ecx 0x0000002a call 00007FF35CC5EA88h 0x0000002f pop ecx 0x00000030 mov dword ptr [esp+04h], ecx 0x00000034 add dword ptr [esp+04h], 0000001Ch 0x0000003c inc ecx 0x0000003d push ecx 0x0000003e ret 0x0000003f pop ecx 0x00000040 ret 0x00000041 clc 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 push edi 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7DE7A9 second address: 7DE7AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7D9BC7 second address: 7D9BD1 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF35CC5EA8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E07E8 second address: 7E0808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c jmp 00007FF35CC4D6F3h 0x00000011 pop ebx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E0808 second address: 7E080F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E080F second address: 7E082C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a mov dword ptr [ebp+122D32A6h], esi 0x00000010 push 00000000h 0x00000012 mov edi, eax 0x00000014 mov ebx, eax 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E082C second address: 7E0832 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E27F0 second address: 7E27F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E27F4 second address: 7E27FA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E27FA second address: 7E2804 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF35CC4D6ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E097E second address: 7E0985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E0985 second address: 7E0996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF35CC4D6EDh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E3957 second address: 7E39F3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF35CC5EA88h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov ebx, dword ptr [ebp+122D1C46h] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007FF35CC5EA88h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d mov ebx, dword ptr [ebp+1244C88Eh] 0x00000043 mov eax, dword ptr [ebp+122D06F1h] 0x00000049 mov edi, ebx 0x0000004b push FFFFFFFFh 0x0000004d push 00000000h 0x0000004f push edx 0x00000050 call 00007FF35CC5EA88h 0x00000055 pop edx 0x00000056 mov dword ptr [esp+04h], edx 0x0000005a add dword ptr [esp+04h], 00000019h 0x00000062 inc edx 0x00000063 push edx 0x00000064 ret 0x00000065 pop edx 0x00000066 ret 0x00000067 sub dword ptr [ebp+122D3520h], edx 0x0000006d call 00007FF35CC5EA95h 0x00000072 mov ebx, dword ptr [ebp+122D1893h] 0x00000078 pop edi 0x00000079 push eax 0x0000007a push edi 0x0000007b pushad 0x0000007c push ecx 0x0000007d pop ecx 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E499B second address: 7E49A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E49A5 second address: 7E49A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E67AB second address: 7E67BF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF35CC4D6E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007FF35CC4D6EEh 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E76FE second address: 7E7708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF35CC5EA86h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E96B0 second address: 7E96B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EA617 second address: 7EA6C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FF35CC5EA88h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov ebx, dword ptr [ebp+122D1872h] 0x00000029 jmp 00007FF35CC5EA99h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007FF35CC5EA88h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a mov ebx, edx 0x0000004c push 00000000h 0x0000004e jmp 00007FF35CC5EA96h 0x00000053 xchg eax, esi 0x00000054 push edi 0x00000055 jg 00007FF35CC5EA88h 0x0000005b pop edi 0x0000005c push eax 0x0000005d jnp 00007FF35CC5EAA9h 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007FF35CC5EA97h 0x0000006a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7E78F6 second address: 7E78FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EA85B second address: 7EA85F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7ED656 second address: 7ED65C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EC6EA second address: 7EC6F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EC6F1 second address: 7EC70D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF35CC4D6F7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EC70D second address: 7EC71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EFC61 second address: 7EFC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF35CC4D6EBh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EFC73 second address: 7EFC77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EFC77 second address: 7EFC9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF35CC4D6E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007FF35CC4D700h 0x00000012 jmp 00007FF35CC4D6F4h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7ED86E second address: 7ED872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EFC9F second address: 7EFCA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7EFCA9 second address: 7EFCD0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF35CC5EA86h 0x00000008 jnc 00007FF35CC5EA86h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007FF35CC5EA92h 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 78DBCC second address: 78DBD1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7F4A85 second address: 7F4A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7F4A93 second address: 7F4AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007FF35CC4D6E6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7F815E second address: 7F8165 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7F8165 second address: 7F8197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC4D6EDh 0x00000009 jmp 00007FF35CC4D6F2h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF35CC4D6ECh 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7F8197 second address: 7F819B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FB89D second address: 7FB8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7945E3 second address: 7945FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC5EA96h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FB15C second address: 7FB16E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jng 00007FF35CC4D6E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FB41A second address: 7FB441 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC5EA92h 0x00000007 jng 00007FF35CC5EA86h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 js 00007FF35CC5EA90h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE8F1 second address: 7FE918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FF35CC4D6F9h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE918 second address: 7FE91D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE91D second address: 7FE952 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF35CC4D6ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF35CC4D6F3h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE952 second address: 7FE956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE956 second address: 7FE95C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE95C second address: 7FE962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE962 second address: 7FE966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE966 second address: 7FE981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF35CC5EA8Bh 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE981 second address: 7FE987 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7FE987 second address: 7FE991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FF35CC5EA86h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 797D6A second address: 797D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 804162 second address: 80417F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF35CC5EA91h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 804780 second address: 80478D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80478D second address: 8047A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA94h 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8047A6 second address: 8047C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC4D6F6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007FF35CC4D6E6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8048DE second address: 8048FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA95h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 804D09 second address: 804D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8050DC second address: 8050E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8050E0 second address: 8050E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 805289 second address: 805293 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF35CC5EA86h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 805293 second address: 80529C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A83A second address: 80A840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A840 second address: 80A853 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC4D6EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A853 second address: 80A873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF35CC5EA8Ah 0x00000008 jmp 00007FF35CC5EA91h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8096A4 second address: 8096B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 jnc 00007FF35CC4D6EEh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80984A second address: 80984E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80984E second address: 809869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF35CC4D6F5h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 809869 second address: 809870 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 78DB9B second address: 78DBCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF35CC4D6EFh 0x0000000c jo 00007FF35CC4D6E6h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007FF35CC4D6EEh 0x0000001b push eax 0x0000001c pop eax 0x0000001d jnp 00007FF35CC4D6E6h 0x00000023 push eax 0x00000024 pushad 0x00000025 popad 0x00000026 pop eax 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A13A second address: 80A157 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC5EA99h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A157 second address: 80A167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FF35CC4D6E6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A167 second address: 80A16D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A16D second address: 80A190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FF35CC4D6F5h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A190 second address: 80A194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A2F8 second address: 80A2FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A2FD second address: 80A315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA92h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A315 second address: 80A31E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A31E second address: 80A322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A322 second address: 80A326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80A5B3 second address: 80A5B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80EC28 second address: 80EC45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FF35CC4D6E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF35CC4D6EEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 80EC45 second address: 80EC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA91h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8780FC second address: 87810C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FF35CC5EA86h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87810C second address: 878110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 797D1D second address: 797D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA8Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 797D33 second address: 797D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jmp 00007FF35CC4D6EBh 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF35CC4D6F9h 0x00000014 popad 0x00000015 jng 00007FF35CC4D6ECh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87DD5A second address: 87DD64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87DD64 second address: 87DD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87DD6D second address: 87DD71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87E1B2 second address: 87E1C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF35CC4D6E8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87E5F8 second address: 87E601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87E601 second address: 87E605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87E605 second address: 87E60D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 87E60D second address: 87E625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC4D6F3h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 88C0F3 second address: 88C0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 88C0F9 second address: 88C110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF35CC4D6F0h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 88C110 second address: 88C116 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B2E04 second address: 8B2E12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B2E12 second address: 8B2E27 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF35CC5EA86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FF35CC5EA92h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B2E27 second address: 8B2E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B2E2D second address: 8B2E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007FF35CC5EA8Ch 0x0000000a jnp 00007FF35CC5EA86h 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B30F1 second address: 8B30F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B30F7 second address: 8B3112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA8Ch 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FF35CC5EA86h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B3401 second address: 8B3426 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FF35CC4D6EFh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jo 00007FF35CC4D6E6h 0x00000013 jns 00007FF35CC4D6E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B35FE second address: 8B3616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF35CC5EA8Dh 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B3616 second address: 8B361A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B361A second address: 8B3628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FF35CC5EA8Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B82D8 second address: 8B8313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 nop 0x00000007 sub edx, dword ptr [ebp+122D18B8h] 0x0000000d push dword ptr [ebp+122D2CBEh] 0x00000013 or dword ptr [ebp+1244D46Eh], ecx 0x00000019 add dword ptr [ebp+122D194Fh], ecx 0x0000001f call 00007FF35CC4D6E9h 0x00000024 push esi 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FF35CC4D6F0h 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B8313 second address: 8B8338 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 ja 00007FF35CC5EA98h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B8338 second address: 8B8349 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B8349 second address: 8B834F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B834F second address: 8B8355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B8355 second address: 8B8359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B8359 second address: 8B8370 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF35CC4D6EAh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B9AD9 second address: 8B9AFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC5EA8Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF35CC5EA8Dh 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B9AFA second address: 8B9B0B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF35CC4D6E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B9B0B second address: 8B9B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B9B0F second address: 8B9B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B9B1D second address: 8B9B23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8B96A6 second address: 8B96AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8BB491 second address: 8BB495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8BB495 second address: 8BB4B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF35CC4D6F5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d je 00007FF35CC4D6E6h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 8BB4B8 second address: 8BB4C0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7D55C6 second address: 7D55D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF35CC4D6E6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exeRDTSC instruction interceptor: First address: 7D59F3 second address: 7D59FD instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF35CC5EA8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Special instruction interceptor: First address: 62894C instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Special instruction interceptor: First address: 7C7756 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Special instruction interceptor: First address: 7F3852 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Special instruction interceptor: First address: 85A518 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Code function: 0_2_0062C084 rdtsc 0_2_0062C084
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe TID: 4900 Thread sleep time: -90000s >= -30000s
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe TID: 4900 Thread sleep time: -30000s >= -30000s
    Source: ghumRvJGY9.exe, ghumRvJGY9.exe, 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: ghumRvJGY9.exe, 00000000.00000003.2184278585.00000000010FF000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185217236.0000000001100000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: ghumRvJGY9.exe, 00000000.00000003.2184278585.00000000010FF000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185217236.0000000001100000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
    Source: ghumRvJGY9.exe, 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe File opened: NTICE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe File opened: SICE
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe File opened: SIWVID
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Code function: 0_2_0062C084 rdtsc 0_2_0062C084
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Code function: 0_2_0060E110 LdrInitializeThunk, 0_2_0060E110

    HIPS / PFW / Operating System Protection Evasion

    Source: ghumRvJGY9.exe String found in binary or memory: bashfulacid.lat
    Source: ghumRvJGY9.exe String found in binary or memory: tentabatte.lat
    Source: ghumRvJGY9.exe String found in binary or memory: curverpluch.lat
    Source: ghumRvJGY9.exe String found in binary or memory: talkynicer.lat
    Source: ghumRvJGY9.exe String found in binary or memory: shapestickyr.lat
    Source: ghumRvJGY9.exe String found in binary or memory: manyrestro.lat
    Source: ghumRvJGY9.exe String found in binary or memory: slipperyloo.lat
    Source: ghumRvJGY9.exe String found in binary or memory: wordyfindy.lat
    Source: ghumRvJGY9.exe String found in binary or memory: observerfry.lat
    Source: ghumRvJGY9.exe, ghumRvJGY9.exe, 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: $oProgram Manager
    Source: C:\Users\user\Desktop\ghumRvJGY9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop


    Source | Detection | Scanner | Label | Link
    ghumRvJGY9.exe | 66% | ReversingLabs | Win32.Ransomware.StealC |
    ghumRvJGY9.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    ghumRvJGY9.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    https://tentabatte.lat/api | 100% | Avira URL Cloud | malware |
    https://bashfulacid.lat:443/api | 100% | Avira URL Cloud | malware |

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    steamcommunity.com | 104.102.49.254 | true | false | | high
    wordyfindy.lat | unknown | unknown | false | | high
    slipperyloo.lat | unknown | unknown | false | | high
    curverpluch.lat | unknown | unknown | false | | high
    tentabatte.lat | unknown | unknown | false | | high
    manyrestro.lat | unknown | unknown | false | | high
    bashfulacid.lat | unknown | unknown | false | | high
    shapestickyr.lat | unknown | unknown | false | | high
    observerfry.lat | unknown | unknown | false | | high
    talkynicer.lat | unknown | unknown | false | | high

    Name | Malicious | Antivirus Detection | Reputation
    slipperyloo.lat | false | | high
    curverpluch.lat | false | | high
    tentabatte.lat | false | | high
    manyrestro.lat | false | | high
    bashfulacid.lat | false | | high
    observerfry.lat | false | | high
    https://steamcommunity.com/profiles/76561199724331900 | false | | high
    wordyfindy.lat | false | | high
    shapestickyr.lat | false | | high
    talkynicer.lat | false | | high
                                                                                    https://store.steampowered.com/stats/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://medal.tvghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://broadcast.st.dl.eccdnx.comghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://store.steampowered.com/steam_refunds/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://bashfulacid.lat:443/apighumRvJGY9.exe, 00000000.00000003.2184152440.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185143180.00000000010DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  unknown
                                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://s.ytimg.com;ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRighumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://steamcommunity.com/workshop/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://login.steampowered.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbghumRvJGY9.exe, 00000000.00000003.2184278585.0000000001112000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/legal/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=englighumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://steam.tv/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://store.steampowered.com/privacy_agreement/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://steamcommunity.com:443/profiles/76561199724331900ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010DB000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185143180.00000000010DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/points/shop/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://recaptcha.netghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://store.steampowered.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://steamcommunity.comghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://sketchfab.comghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://lv.queniujq.cnghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.youtube.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://127.0.0.1:27060ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://store.steampowered.com/privacy_agreement/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.google.com/recaptcha/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://checkout.steampowered.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://help.steampowered.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://api.steampowered.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/points/shopghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://store.steampowered.com/account/cookiepreferences/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184152440.00000000010CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://store.steampowered.com/mobileghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://steamcommunity.com/ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000002.2185066609.00000000010C7000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/;ghumRvJGY9.exe, 00000000.00000002.2185234949.0000000001112000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://store.steampowered.com/about/ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;lghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001149000.00000004.00000020.00020000.00000000.sdmp, ghumRvJGY9.exe, 00000000.00000003.2184082785.0000000001150000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
IP: 104.102.49.254 | Domain: steamcommunity.com | Country: United States | ASN: 16625 | ASN Name: AKAMAI-ASUS | Malicious: false
                                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                    Analysis ID:1580913
                                                                                                                                                                                                    Start date and time:2024-12-26 13:06:55 +01:00
                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                    Overall analysis duration:0h 3m 1s
                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                    Number of analysed new started processes analysed:2
                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                    Sample name:ghumRvJGY9.exe
                                                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                                                    Original Sample Name:89b4b96d1edc5252b78c1938de98d5d3.exe
                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                    Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                    HCA Information:Failed
                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                    • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63
                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                    • VT rate limit hit for: ghumRvJGY9.exe
Time: 07:07:47 | Type: API Interceptor | Description: 7x Sleep call for process: ghumRvJGY9.exe modified
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    No created / dropped files found
                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.94857837828958
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                    File name:ghumRvJGY9.exe
                                                                                                                                                                                                    File size:1'848'320 bytes
                                                                                                                                                                                                    MD5:89b4b96d1edc5252b78c1938de98d5d3
                                                                                                                                                                                                    SHA1:ce73038e1d3f9d6f0aa09fee0e6017814e8d1020
                                                                                                                                                                                                    SHA256:e8831b78205d6e0e8774f902ad4bffbad701c0d6b67ec4398b9fec765dbba2af
SHA512:2d42b9f5e444c9455b36d0a114ff7b81fd4d9a842cdb39d41e5fd8f2d9d288b3718fd84182094d6af8a2b6be24fe43da525af3054b45e6a10c005c5dabc6e8a8
SSDEEP:49152:x1U8gwA3fl1wNgQqHwEb1y7Se1XFQxAKHBj:x1UjfNQEb161Vy
TLSH:E48533796E03D6FBEA2324B65DF166B7493FBA4641E2F710614532E3F987A0328C1C52
File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................I...........@..........................0I......'....@.................................Y@..m..
Icon Hash:00928e8e8686b000
Entrypoint:0x890000
Entrypoint Section:.taggant
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:2eabe9054cad5152567f0699947a2c5b

| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x52000 | 0x26400 | 8fc15ca75c4c2ff6f172792a8b94e7b8 | False | 0.9994957618464052 | data | 7.978734653117064 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x2a0000 | 0x200 | 1bee9b72edaa9aa00019ad41d7ef660e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ndzknjyx | 0x2f5000 | 0x19a000 | 0x199400 | 019e4c8d5231c1adc21ab3ce11990561 | False | 0.9947192845143555 | data | 7.9533485247893845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| xgvuhuxm | 0x48f000 | 0x1000 | 0x400 | 04844cc3f4735024dfaf1501ce77614a | False | 0.69921875 | data | 5.755610181853844 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x490000 | 0x3000 | 0x2200 | 9586b7d861f9466ec1f3271d76168cb7 | False | 0.05652573529411765 | DOS executable (COM) | 0.6726989383587308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |
                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                    2024-12-26T13:07:48.347159+01002058514ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)1192.168.2.6539781.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:48.615292+01002058502ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)1192.168.2.6557771.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:48.897561+01002058492ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)1192.168.2.6545311.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:49.209467+01002058500ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)1192.168.2.6492381.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:49.433161+01002058510ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)1192.168.2.6521641.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:49.659764+01002058484ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)1192.168.2.6500991.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:49.911129+01002058512ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)1192.168.2.6627631.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:50.136805+01002058480ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)1192.168.2.6598171.1.1.153UDP
                                                                                                                                                                                                    2024-12-26T13:07:52.104952+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649708104.102.49.254443TCP
                                                                                                                                                                                                    2024-12-26T13:07:52.946924+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.649708104.102.49.254443TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 26, 2024 13:07:48.032233953 CET | 192.168.2.6 | 1.1.1.1 | 0xfcfc | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:48.347158909 CET | 192.168.2.6 | 1.1.1.1 | 0xecf5 | Standard query (0) | wordyfindy.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:48.615292072 CET | 192.168.2.6 | 1.1.1.1 | 0xff67 | Standard query (0) | slipperyloo.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:48.897561073 CET | 192.168.2.6 | 1.1.1.1 | 0xf48d | Standard query (0) | manyrestro.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.209466934 CET | 192.168.2.6 | 1.1.1.1 | 0x8054 | Standard query (0) | shapestickyr.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.433161020 CET | 192.168.2.6 | 1.1.1.1 | 0x8dd1 | Standard query (0) | talkynicer.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.659764051 CET | 192.168.2.6 | 1.1.1.1 | 0x3c7e | Standard query (0) | curverpluch.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.911128998 CET | 192.168.2.6 | 1.1.1.1 | 0x672a | Standard query (0) | tentabatte.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:50.136805058 CET | 192.168.2.6 | 1.1.1.1 | 0x10d3 | Standard query (0) | bashfulacid.lat | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:50.395102024 CET | 192.168.2.6 | 1.1.1.1 | 0xd9c8 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 26, 2024 13:07:48.342730999 CET | 1.1.1.1 | 192.168.2.6 | 0xfcfc | Name error (3) | observerfry.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:48.576594114 CET | 1.1.1.1 | 192.168.2.6 | 0xecf5 | Name error (3) | wordyfindy.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:48.839546919 CET | 1.1.1.1 | 192.168.2.6 | 0xff67 | Name error (3) | slipperyloo.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.204298973 CET | 1.1.1.1 | 192.168.2.6 | 0xf48d | Name error (3) | manyrestro.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.427225113 CET | 1.1.1.1 | 192.168.2.6 | 0x8054 | Name error (3) | shapestickyr.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.656958103 CET | 1.1.1.1 | 192.168.2.6 | 0x8dd1 | Name error (3) | talkynicer.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:49.907772064 CET | 1.1.1.1 | 192.168.2.6 | 0x3c7e | Name error (3) | curverpluch.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:50.133555889 CET | 1.1.1.1 | 192.168.2.6 | 0x672a | Name error (3) | tentabatte.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:50.392035007 CET | 1.1.1.1 | 192.168.2.6 | 0x10d3 | Name error (3) | bashfulacid.lat | none | none | A (IP address) | IN (0x0001) | false
Dec 26, 2024 13:07:50.618071079 CET | 1.1.1.1 | 192.168.2.6 | 0xd9c8 | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                    • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49708 | 104.102.49.254 | 443 | 2096 | C:\Users\user\Desktop\ghumRvJGY9.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-26 12:07:52 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-26 12:07:52 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 26 Dec 2024 12:07:52 GMT
Content-Length: 25665
Connection: close
Set-Cookie: sessionid=c7fb3040c3785ac1f4f5daed; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                    2024-12-26 12:07:52 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:07:53 UTC 11186 IN
                                                                                                                                                                                                    Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>



                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:07:07:45
                                                                                                                                                                                                    Start date:26/12/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\ghumRvJGY9.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\ghumRvJGY9.exe"
                                                                                                                                                                                                    Imagebase:0x5d0000
                                                                                                                                                                                                    File size:1'848'320 bytes
                                                                                                                                                                                                    MD5 hash:89B4B96D1EDC5252B78C1938DE98D5D3
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true


                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:0.6%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:28.3%
                                                                                                                                                                                                      Total number of Nodes:60
                                                                                                                                                                                                      Total number of Limit Nodes:4

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                      • API String ID: 0-620192811
                                                                                                                                                                                                      • Opcode ID: 7e393b6d524620435d1d858d8ef06b8fb2e75bbc51ac923a8a626e7305a4ec32
                                                                                                                                                                                                      • Instruction ID: e8236f8d94fad58b75af39fcae12bd585fa659df7bf6d2dac5443501313519f8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e393b6d524620435d1d858d8ef06b8fb2e75bbc51ac923a8a626e7305a4ec32
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 430245B1200B01CFD324CF25D891BA7BBE2FB45314F148A2ED5AB8BAA0D774A445CF90

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 005D8A4A
                                                                                                                                                                                                        • Part of subcall function 005DB7B0: FreeLibrary.KERNEL32(005D8A31), ref: 005DB7B6
                                                                                                                                                                                                        • Part of subcall function 005DB7B0: FreeLibrary.KERNEL32 ref: 005DB7D7
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                      • String ID: b]u)$}$}
                                                                                                                                                                                                      • API String ID: 1614911148-2900034282
                                                                                                                                                                                                      • Opcode ID: 0b88ba0077bf325693c80a4c80dd03fd6faf645c42891e58a57047ee5ffd7be3
                                                                                                                                                                                                      • Instruction ID: 71acbbf93f9028dfcc0362c9e7095e8766182149afb4ecdbf395ce142bb4056b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b88ba0077bf325693c80a4c80dd03fd6faf645c42891e58a57047ee5ffd7be3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAC1F773A187154BC718DF6DC84125AFBD6ABC4710F0EC52EA898EB395EA74DC048BC5

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 157 60e110-60e142 LdrInitializeThunk
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LdrInitializeThunk.NTDLL(0061148A,?,00000018,?,?,00000018,?,?,?), ref: 0060E13E
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                      • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                      • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 159 611720-611741 160 611750-61176b 159->160 160->160 161 61176d-611779 160->161 162 6117e0-6117e5 161->162 163 61177b-611785 161->163 165 611879-61187b 162->165 166 6117eb-6117ff 162->166 164 611790-611797 163->164 168 611799-6117a7 164->168 169 6117ad-6117b5 164->169 170 61188d-611894 165->170 171 61187d-611884 165->171 167 611800-61181b 166->167 167->167 172 61181d-611828 167->172 168->164 173 6117a9-6117ab 168->173 169->162 174 6117b7-6117d8 call 60e110 169->174 175 611886 171->175 176 61188a 171->176 177 611871-611873 172->177 178 61182a-611832 172->178 173->162 182 6117dd 174->182 175->176 176->170 177->165 181 611875 177->181 180 611840-611847 178->180 183 611850-611856 180->183 184 611849-61184c 180->184 181->165 182->162 183->177 186 611858-61186e call 60e110 183->186 184->180 185 61184e 184->185 185->177 186->177
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                      • String ID: =<32
                                                                                                                                                                                                      • API String ID: 2994545307-852023076
                                                                                                                                                                                                      • Opcode ID: cb94f13255db424fdd3a14408758f49f8e2e7137a5b6501b8c5b239c155c5f45
                                                                                                                                                                                                      • Instruction ID: 82bed344efaed1c000da2d5c962d03d4ff4893d6fba8b62e03b75ae937438e00
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb94f13255db424fdd3a14408758f49f8e2e7137a5b6501b8c5b239c155c5f45
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF311338709304ABE7549A549C91BFBB3A7EB86750F1CC52DE6859B3E0D631DC809782

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 109 5d9d1e-5d9d34 110 5d9d40-5d9d52 109->110 110->110 111 5d9d54-5d9d7e 110->111 112 5d9d80-5d9d92 111->112 112->112 113 5d9d94-5d9e13 LoadLibraryExW call 60d960 112->113 116 5d9e20-5d9e32 113->116 116->116 117 5d9e34-5d9e5e 116->117 118 5d9e60-5d9e72 117->118 118->118 119 5d9e74-5d9e80 LoadLibraryExW call 60d960 118->119 121 5d9e85-5d9e98 119->121
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 005D9D98
                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000), ref: 005D9E78
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                      • String ID: CKf
                                                                                                                                                                                                      • API String ID: 1029625771-985774120
                                                                                                                                                                                                      • Opcode ID: d5997c493d3d9c0bf5ec51b15f697661a8d9684de021f4b615d1593c3b75c298
                                                                                                                                                                                                      • Instruction ID: 9703c3b9fe01fccf5b6b7c837b6e4780bffb5a206f8044b5edf2b8cb37ded606
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5997c493d3d9c0bf5ec51b15f697661a8d9684de021f4b615d1593c3b75c298
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D4112B4D003409FE7249F7899D2A9A7F72FB06324F54529ED4902F3A6C631940ACBE2

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 149 5d9eb7-5d9ef7 call 60fe00 WSAStartup
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 005D9ED2
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Startup
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 724789610-0
                                                                                                                                                                                                      • Opcode ID: 7e5b30628a1f0b7ae742899bf0d7c884b26db3dd8582dd09279204651b185694
                                                                                                                                                                                                      • Instruction ID: 2cf8c0888e7c4b403ec59533ffc926387553d7cbe6d1cd3299ab1c90dfeacc83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e5b30628a1f0b7ae742899bf0d7c884b26db3dd8582dd09279204651b185694
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCE02B33681602DBD704DB70EC47ECA7357DB5534170DD42AE116C2072FA7295109A50

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 152 60c570-60c57c 153 60c583-60c584 152->153 154 60c585-60c597 call 60f990 RtlFreeHeap 152->154
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,00000000,?,0060E0F9), ref: 0060C590
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                                                      • Opcode ID: 3dfcc66854c6dad0e064ea2a363918be3d17247b52e45ad322e7c8178116c8ec
                                                                                                                                                                                                      • Instruction ID: bffad639a3c86285f72227dc9d791e0c6362eab3e3269565dcac1bcca36104c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3dfcc66854c6dad0e064ea2a363918be3d17247b52e45ad322e7c8178116c8ec
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9D0C932459522FBC6642F28BC15BC73A96EF49760F075891B4446A5B4C624EC91CAE4

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      control_flow_graph 158 60c55c-60c568 RtlAllocateHeap
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,00000000), ref: 0060C561
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                      • Opcode ID: ecae43bdce55f187232f3a2648e66fe2ef786d7cf161b7d3596fd13cd1eeb928
                                                                                                                                                                                                      • Instruction ID: 0c5044202f018eec7b7b557291b41a7cb6a9f7f96e6515427a3a34ba0ebe8bb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecae43bdce55f187232f3a2648e66fe2ef786d7cf161b7d3596fd13cd1eeb928
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEA001B2184511ABDA662B24BC19B847A22AB58621F125291E101594B6866198929A84
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 006292A6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 8ba27377f83a30e7e73810e13ba80e7fc7aaad44e4d627e3f98175d18ab69a91
                                                                                                                                                                                                      • Instruction ID: 6bc609629467b7b34d9821ab5c644db550b706b6f07aa76660ea6f0b5d319fab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ba27377f83a30e7e73810e13ba80e7fc7aaad44e4d627e3f98175d18ab69a91
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A11277380CA24DBD3047F28E88A2AEBBE1EF54310F29462ED9D153740EA714C118E93
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 0062A1BE
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: 855e5d2eb7883ac69a5d5373a9a697cbe7524f52c64492a29de489a440aa52e1
                                                                                                                                                                                                      • Instruction ID: d728da21b9edce955696e98e336c2f90b92fe86b8a0f0d9533ee305e2c234c62
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 855e5d2eb7883ac69a5d5373a9a697cbe7524f52c64492a29de489a440aa52e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C014CB351CE28DFF3005E2ABC0407AB5E7ABE4741F36491EC8828B644E6B14C829B52
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 005F43AA
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 005F443E
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                      • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$RE_$Xs$bF_$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                      • API String ID: 237503144-3644979446
                                                                                                                                                                                                      • Opcode ID: c3410c965c68840e8491e74d33dd5f07a2af98277f51b0e319bffe1e056b1f42
                                                                                                                                                                                                      • Instruction ID: 63173ba4a3c5f18d2ee0b81fe95fb01e237ca3a9a60d43976c667d3f810a7e73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3410c965c68840e8491e74d33dd5f07a2af98277f51b0e319bffe1e056b1f42
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DC20CB560D3848AD334CF54C4527DFBAF2FB82300F00892DD6E96B255D7B5864A8B9B
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeString
                                                                                                                                                                                                      • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                      • API String ID: 3341692771-1335595022
                                                                                                                                                                                                      • Opcode ID: 17f0dd8c4ab917e19a3ad16aef8340db661fa33430e9f3b5342a591991efb12d
                                                                                                                                                                                                      • Instruction ID: 8fe188b105e384bb32d8b2123862fdd2cfdb32296cd5cb0062d0cbda42785759
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17f0dd8c4ab917e19a3ad16aef8340db661fa33430e9f3b5342a591991efb12d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66223272A583119BE314CF28C881B9BBBE2EFC5314F18C92CE5D49B392D675D845CB92
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                      • API String ID: 0-2746398225
                                                                                                                                                                                                      • Opcode ID: 5cd9e7ec2627afef60143531b9b84586ea0142908331d0cb27415e287f10711a
                                                                                                                                                                                                      • Instruction ID: 69b1e55825d2720a9fb0261f06bb8dab166cc0cf8d5c16f041ca4660f53bc087
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cd9e7ec2627afef60143531b9b84586ea0142908331d0cb27415e287f10711a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F4226B66083918FC7288F29D8957ABBBE2FFD5344F19893DD4D987256D7308805CB82
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                      • API String ID: 0-4163809010
                                                                                                                                                                                                      • Opcode ID: 566eb5be6de023d7da5a4eb5014a3bf803e200e01f7b4d8dc7c40df95e37ebbb
                                                                                                                                                                                                      • Instruction ID: 678cf243629282c9aef2488cafbca3f6f4f0e0217a6534048d309a08af40d262
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 566eb5be6de023d7da5a4eb5014a3bf803e200e01f7b4d8dc7c40df95e37ebbb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4528F7260C7C18BC7289B39C5953AEBFE1BBD9320F194A2ED4D9C7382D63489418B46
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: L=s$!_m$1as{$@^^$@^^$C)v}$K0;$S.>C$bS7=$e-r}
                                                                                                                                                                                                      • API String ID: 0-1237314391
                                                                                                                                                                                                      • Opcode ID: 454d2514617d5d8ccbcf04134214c86e54e4d6ba5e962bd32a987d0b0e681975
                                                                                                                                                                                                      • Instruction ID: ea02adcb4ff6f3d382aeb9375096178e8fe2bbc43619fe406e4c7163d59e886a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 454d2514617d5d8ccbcf04134214c86e54e4d6ba5e962bd32a987d0b0e681975
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B4B24EF3A082049FE304AE2DEC8567AF7D9EFD4720F1A463DEAC4C7344E93559058692
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: _^]\
                                                                                                                                                                                                      • API String ID: 0-3116432788
                                                                                                                                                                                                      • Opcode ID: 516759ccf7e26c1f5c8c9c2f99bdc448b87b322bf48757eb51dd1db7a15f433f
                                                                                                                                                                                                      • Instruction ID: 8755a974e7e31e55c4cb936d9a9b8b1e46f6952e5eab44880fb7f70f9a9de94e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 516759ccf7e26c1f5c8c9c2f99bdc448b87b322bf48757eb51dd1db7a15f433f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A82387150C3518BC728CF29C8917ABBBE2FFC9314F198A6DE8D59B2A5E7348805C752
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                      • API String ID: 0-3116088196
                                                                                                                                                                                                      • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                      • Instruction ID: 172a5d76e200fe153c9ea63107ce88c6cbb54811bbefaa5d595200beadcef0ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BC1257160C3D54BD322CF6994A076BFFD1AFD7210F084AAEE4D51B386D275890ACB92
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: !$#$#$+$G$p
                                                                                                                                                                                                      • API String ID: 0-2205341977
                                                                                                                                                                                                      • Opcode ID: e2843148e86e7d05f86146c1c102469782602e90050be6e3425713ff821e03bf
                                                                                                                                                                                                      • Instruction ID: d782d70c8db5140cc2256b153fde8e30bb5f0c80ec2a0c48b5ef0620a1a5826c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2843148e86e7d05f86146c1c102469782602e90050be6e3425713ff821e03bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2027DF3F625140BF7944439CD583A2158387E5324F2FC2798A589BBCADCBE9D4A4398
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 005F84BD
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 005F85B4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                      • String ID: LF7Y$_^]\
                                                                                                                                                                                                      • API String ID: 237503144-3688711800
                                                                                                                                                                                                      • Opcode ID: 8c713a6ea5d2fcda2abb09382d52e2666a09fe8028805e012339a1cedb7b414f
                                                                                                                                                                                                      • Instruction ID: b0b131eb12615d1dd9b5630fa515d40bf42ccdeb44fd841fcb3e87e18790c027
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c713a6ea5d2fcda2abb09382d52e2666a09fe8028805e012339a1cedb7b414f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F722F371908342CFD7248F28D88076FBBE2FF89310F198A6DEA95573A1D7359941CB92
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 005F84BD
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 005F85B4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                      • String ID: LF7Y$_^]\
                                                                                                                                                                                                      • API String ID: 237503144-3688711800
                                                                                                                                                                                                      • Opcode ID: 4019f86dbdbfff58093f9c6ad96a8969734c529fca80218ce2aa4254ca02e6a9
                                                                                                                                                                                                      • Instruction ID: 9bbfd3134da6b7d725ed3d57b4049f018424dbc00e0fa911d96e144de685332d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4019f86dbdbfff58093f9c6ad96a8969734c529fca80218ce2aa4254ca02e6a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F12E271908381CFD7248F28D88076FBBE2FF89310F198A6DEA99573A1D7359941CB52
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: !$#$+$G$p
                                                                                                                                                                                                      • API String ID: 0-565094240
                                                                                                                                                                                                      • Opcode ID: 1dccaa9c066de66eb43af5be4697e231ecc46134e940aa031f938e57d41f80c4
                                                                                                                                                                                                      • Instruction ID: 75c9cbc628100438aca757648914dcfe30f542b74ce709fca5d0c7ed03f6f0b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dccaa9c066de66eb43af5be4697e231ecc46134e940aa031f938e57d41f80c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29D148B3F625540AF7954439CD183E2198387E6321F2FC2758A489BBCADCBE9C4B4359
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: NW$o8~^$o>$veO
                                                                                                                                                                                                      • API String ID: 0-3095162377
                                                                                                                                                                                                      • Opcode ID: 7c3265df35bc76a5893011200d3b60c4905f6c6c01ca0e608794f0bed5402380
                                                                                                                                                                                                      • Instruction ID: f8447df4ee5f3985b4b7d0e0c7768af634a1e29ec586b5d2c1d5007eba7bf015
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c3265df35bc76a5893011200d3b60c4905f6c6c01ca0e608794f0bed5402380
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1B2F6F360C2049FE704AE2DEC8577ABBE9EF94720F1A493DEAC4C7744E63558048696
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: '7w?$/(['$2{D1$4q1
                                                                                                                                                                                                      • API String ID: 0-3115504423
                                                                                                                                                                                                      • Opcode ID: 82e17df03a7c27c231cef2b11ceb4208f00f524545fab2ff286bdf8a7b854a95
                                                                                                                                                                                                      • Instruction ID: 2b3c9864d710b886f74e912cfe773838690611971f1628775273b7b13a174b91
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82e17df03a7c27c231cef2b11ceb4208f00f524545fab2ff286bdf8a7b854a95
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8B2E8F35082049FE304AE2DEC8567AFBE5EF94720F1A893DEAC4C7744E63598058697
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                      • API String ID: 0-3257051659
                                                                                                                                                                                                      • Opcode ID: 17b3273bd9dd833db212b3d2aa3a6a3a2f9305e3fbc069403d4d8394f4682f7b
                                                                                                                                                                                                      • Instruction ID: 96a8e4762d43fd10bd8b6a8b38223d0713b4a989bdeb61a1f1320474cab8778e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17b3273bd9dd833db212b3d2aa3a6a3a2f9305e3fbc069403d4d8394f4682f7b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0A12872A153518BD718CF29DC517AFBBD2FBC4314F19CA2EE489D7391DA3888058781
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                      • API String ID: 0-3993331145
                                                                                                                                                                                                      • Opcode ID: 6dd55bfec62ba33e3ce10b303a8d163828bed178fecba268b30f8592e235625b
                                                                                                                                                                                                      • Instruction ID: aeb087b00315af687a2a3eb17049a08cac564cc16b222646200b1555d5fd18a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6dd55bfec62ba33e3ce10b303a8d163828bed178fecba268b30f8592e235625b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24D104B12187088BC724DF24C89167BBBF2FFD5354F089A1CE5968B3A4E7789904C786
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 005F91DA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                      • String ID: +Ku$wpq
                                                                                                                                                                                                      • API String ID: 237503144-1953850642
                                                                                                                                                                                                      • Opcode ID: 4ab96806b94b3265029f97f49e1970335b58e692228b249a4a796a6f28fd838b
                                                                                                                                                                                                      • Instruction ID: 76a4f8812c9e9ad18aa4202c9fd575de39a3a750c87035f5cd91f82b98ea03d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ab96806b94b3265029f97f49e1970335b58e692228b249a4a796a6f28fd838b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4751BD7220C3168FC324CF69984076FB6F2EBC5310F55892EE59ACB285DB34D50A8B92
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 005F9170
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                      • String ID: M/($M/(
                                                                                                                                                                                                      • API String ID: 237503144-1710806632
                                                                                                                                                                                                      • Opcode ID: 845f9e095838511a557a8ef11dbc8818f47228711906608df336180b71b0e7fe
                                                                                                                                                                                                      • Instruction ID: 3bc29730112079336beb09e7fc86169ee79d69e8d4f231147dc7b297ac557d34
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 845f9e095838511a557a8ef11dbc8818f47228711906608df336180b71b0e7fe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B21237165C3515FE714CE349881B9FBBAAEBC2700F01892CE0D1DB1C5D679880BC792
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 7NS4$7\>|$]pl%
                                                                                                                                                                                                      • API String ID: 0-3671426880
                                                                                                                                                                                                      • Opcode ID: d36730aa0f4bfc2f864956f6695411a1f4438488ce1298d118bcfc598d9811f1
                                                                                                                                                                                                      • Instruction ID: d78da4d0457a9dcebb751ba14c64f245e2cf2939a2a99eaafb7a79d911279250
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d36730aa0f4bfc2f864956f6695411a1f4438488ce1298d118bcfc598d9811f1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAF102F3E142244BF3489E38DD98376B692DB94720F2B863C9B89977C0E97E5C059385
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                      • API String ID: 0-3117400391
                                                                                                                                                                                                      • Opcode ID: 3e1209a5991ac2a23a9d69ba0d3df1f4582a60af6d610546d8500a43e18a8871
                                                                                                                                                                                                      • Instruction ID: 183493cd132cfe08ab5402a3a8b9ddd1c039e78b73749beecf03854c51eca0bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e1209a5991ac2a23a9d69ba0d3df1f4582a60af6d610546d8500a43e18a8871
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4C12EB060C385DFD7049F28D8816BABBF2BF85310F088A6DF199472A6D7399941CB53
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: [V$bh
                                                                                                                                                                                                      • API String ID: 0-2174178241
                                                                                                                                                                                                      • Opcode ID: 958aa104fc1869de90197f5d7f9732889b88ee65fc8bd1f2376baf8e73230634
                                                                                                                                                                                                      • Instruction ID: 2cefeba8f39227d13ed6999c098267bfd93fa974b096541d587ea94fea512a0e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 958aa104fc1869de90197f5d7f9732889b88ee65fc8bd1f2376baf8e73230634
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C13259B1901712CBCB28CF29C8916B7BBB1FF95310F18825DD8969B3D4E735A941CBA1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: )$IEND
                                                                                                                                                                                                      • API String ID: 0-707183367
                                                                                                                                                                                                      • Opcode ID: 2a9d9988469d5d5326dd9edf5620905d14e4e907688bf8bf3ac1a1c406b82fdf
                                                                                                                                                                                                      • Instruction ID: ff826a4279f0eeec3d118bf88faf4addfc999ef61464e8fa0ae7fb8031bfb1cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a9d9988469d5d5326dd9edf5620905d14e4e907688bf8bf3ac1a1c406b82fdf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5D18BB19083459FD720CF18D845B5ABBE4FB94304F14892FF9999B382E375E948CB92
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: b?cd
                                                                                                                                                                                                      • API String ID: 0-2605965084
                                                                                                                                                                                                      • Opcode ID: 1af258dd1bc68436c9b7e1bf9c91a0a2d834fa2711587e5c4b4afd00f69363ff
                                                                                                                                                                                                      • Instruction ID: 6215cd7f6552138c10022683c1a1732a22fc4dabe9161d5f4e38f696d8101f48
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1af258dd1bc68436c9b7e1bf9c91a0a2d834fa2711587e5c4b4afd00f69363ff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AF18AF3F112204BF3544929DC943A6B6839BD5324F2F82389A9CAB7C5ED7E9C464385
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Pp~w
                                                                                                                                                                                                      • API String ID: 0-3244623881
                                                                                                                                                                                                      • Opcode ID: a0b128b4909adbcc64aa6523b4f3cf6f6ebdc5c9edc6a4e1bc17e966f16e325d
                                                                                                                                                                                                      • Instruction ID: a59ad3f255f36f7f0066cf351bd55c09a4facfdb831ed80daa6d5844d2e6e79a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0b128b4909adbcc64aa6523b4f3cf6f6ebdc5c9edc6a4e1bc17e966f16e325d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13029BB3E146244BF3445A29DC943A6B6D2EBD4320F2F853C9A8CA73C1D97E9C458785
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: k^S5
                                                                                                                                                                                                      • API String ID: 0-1818519056
                                                                                                                                                                                                      • Opcode ID: 9f0bfb087a40b12731924c58c5a60900d5fa58ad6412fbc609b9f3edaa39fa8f
                                                                                                                                                                                                      • Instruction ID: c9ed3c922132edf8545e2507111e7f4c2d4c0346869434ad3788483ca4d519b1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f0bfb087a40b12731924c58c5a60900d5fa58ad6412fbc609b9f3edaa39fa8f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13F1E0F3F052148BF3049D29DC893A6B692EBD4310F2B853CDB89977C4E97E98068785
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FreeLibrary.KERNEL32(1A11171A), ref: 005FD2A4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                                                      • Opcode ID: aa3745e8c63cc0d8f5f427ca752a10bbdd715a20887a7231651e53ad3423c767
                                                                                                                                                                                                      • Instruction ID: 102e70d3a65fcb1b9ca2728658d6285ca548f7c5be767b849926a84eb03cf8b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa3745e8c63cc0d8f5f427ca752a10bbdd715a20887a7231651e53ad3423c767
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2641B4745043829BE3258B34C9A0B72BFE2FF57314F28858CE5D64B393D629D84697A1
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ><+
                                                                                                                                                                                                      • API String ID: 0-2918635699
                                                                                                                                                                                                      • Opcode ID: f473d61701a0237a52ffb59ecdb74bfc44070ccb55eb39eb0e82c5f784f5a70d
                                                                                                                                                                                                      • Instruction ID: 02741f367003253408144df313a0d15a520f6cb97be1b134cebab7cce5a0b0a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f473d61701a0237a52ffb59ecdb74bfc44070ccb55eb39eb0e82c5f784f5a70d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0C1B4756047418FD725CF2AC490762FBF2BF96310B28859DC5DA8B792C739E806CB50
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                      • API String ID: 0-123907689
                                                                                                                                                                                                      • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                      • Instruction ID: 5f81bcbf455b4dd7d652ab7fc61e0600d0cd4ef5fc5b987fafc36cf20689b11f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0C1D8B1A0830D9BE7258E24C45477BBBDABF85310F19892DE69987382E73CDD44C792
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: =~sY
                                                                                                                                                                                                      • API String ID: 0-1808759135
                                                                                                                                                                                                      • Opcode ID: ff913868933027894f64c3890cb844b8714b7d031e619e6ad07178e216e981d8
                                                                                                                                                                                                      • Instruction ID: cab4a6cbdc904bc5b45e553b4f7a7fb0879d95d18388056e0ea52aed86808e2f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff913868933027894f64c3890cb844b8714b7d031e619e6ad07178e216e981d8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36C1ACB3F1022547F3544D79CC983A26682DB95320F2F82788F5DABBC5D97E9D095384
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: &@P}
                                                                                                                                                                                                      • API String ID: 0-1082716907
                                                                                                                                                                                                      • Opcode ID: b62f40776d65e549a32ccbc1b3d835091d5a402b60c72ea5a6117a5c203bfdb7
                                                                                                                                                                                                      • Instruction ID: 274c50a47054d5d4cec49af4a57cda7bb0317e331007033206f7fbac5377fa6c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b62f40776d65e549a32ccbc1b3d835091d5a402b60c72ea5a6117a5c203bfdb7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30B169B7F116254BF3944969CD483A266839BD4324F3F82788E8C6B7C5DD7EAC0A5384
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: *
                                                                                                                                                                                                      • API String ID: 0-163128923
                                                                                                                                                                                                      • Opcode ID: 75d090f8a8d57d335d7aa79c62467ea95eb2c708f667122372a6c59f97a2e5c4
                                                                                                                                                                                                      • Instruction ID: 0fc947f16e3c33bed83a6edc170b7d40e353799391df1bd4c6db9d9a91fbfe1e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75d090f8a8d57d335d7aa79c62467ea95eb2c708f667122372a6c59f97a2e5c4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28917CF3F2052547F3584938CD693A22582DBA5324F2F42788F5EAB7C5D87E9D0A5384
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                      • String ID: _^]\
                                                                                                                                                                                                      • API String ID: 2994545307-3116432788
                                                                                                                                                                                                      • Opcode ID: 7841634b42f3291a2b0da75c5f737699cb425a9966f4cbed7f23e032095753f6
                                                                                                                                                                                                      • Instruction ID: 4ff557912982cc94567ec983e22f7a9a0c11ad6bc9d7506e2f3a71ff693bf02f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7841634b42f3291a2b0da75c5f737699cb425a9966f4cbed7f23e032095753f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D715BB160C30D5BDB249F68DC92B7B7BA1FF89314F18843DE68687286E238DC058755
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: |kS
                                                                                                                                                                                                      • API String ID: 0-896271216
                                                                                                                                                                                                      • Opcode ID: f4d045b87484e11ec8d0f430e74a4a3f9d91fed8e45cf5ceae2c1340aa9eb679
                                                                                                                                                                                                      • Instruction ID: c8c9f82287e601d67a2f06bd7fd8787e4407bd4a0832f40d5ce015b5c26debe1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4d045b87484e11ec8d0f430e74a4a3f9d91fed8e45cf5ceae2c1340aa9eb679
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB917BB3F112254BF3584D68CC583A26683DB94320F2F827C8F496B7C5D97E6D0A5388
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: KD`
                                                                                                                                                                                                      • API String ID: 0-636091499
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: j
                                                                                                                                                                                                      • API String ID: 0-2137352139
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: %wJn
                                                                                                                                                                                                      • API String ID: 0-1200231701
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: _^]\
                                                                                                                                                                                                      • API String ID: 0-3116432788
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: MHvv
                                                                                                                                                                                                      • API String ID: 0-4138764797
                                                                                                                                                                                                      • Opcode ID: 78919b5eeb736dfeffd6608bd705b47bd5352c45bf3d6b7ba92f962675034f43
                                                                                                                                                                                                      • Instruction ID: fd06ce0505dc09b22f11d839292e6e6bb25403ae9d082f27499fa0a27f56cbcd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78919b5eeb736dfeffd6608bd705b47bd5352c45bf3d6b7ba92f962675034f43
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B381A7F3E0022547F3540838DD883A2A6939BA5324F2F42788F5C7B7C9E97E5C0A12C8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: N&
                                                                                                                                                                                                      • API String ID: 0-3274356042
                                                                                                                                                                                                      • Opcode ID: c0e6c45d906935a97fdd59dc92f7f1952fd88c4daa3ab4034d28cfaa5fa59aaa
                                                                                                                                                                                                      • Instruction ID: f3e30225533e3be94764610ca4fe8214d940747d50191c3843235a68de13627a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0e6c45d906935a97fdd59dc92f7f1952fd88c4daa3ab4034d28cfaa5fa59aaa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5051F525604B804BD729CB3A89617B7BFD3ABDB310B5C96ADC4D7C7686CA3CE4068710
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: N&
                                                                                                                                                                                                      • API String ID: 0-3274356042
                                                                                                                                                                                                      • Opcode ID: 1ffa092f2e74719b2a820880f115d0c789858a47fa31313ba2aaf9d78623e807
                                                                                                                                                                                                      • Instruction ID: 71674c8715c5c5c3933af08c82082687fc36ae4f53b2fae80babf548319b6be6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ffa092f2e74719b2a820880f115d0c789858a47fa31313ba2aaf9d78623e807
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54510825614B804AD729CB3A89507B37FD3BF97310F5C96ADC4D7DBA86CA3C94028710
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                      • API String ID: 0-3993045852
                                                                                                                                                                                                      • Opcode ID: f40f5ee341d078932aaf3523e8331a99bc6338a895ffad638af6fd5f37a379b9
                                                                                                                                                                                                      • Instruction ID: 8671ddbaeeed264ae41a9d5559e7da13aeb0fcee2b4865cd8446c1596c264c77
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f40f5ee341d078932aaf3523e8331a99bc6338a895ffad638af6fd5f37a379b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A613DB3F116254BF3844D64CC983A27293EB95314F2F81788E4DAB7C5D97E6D099388
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: A
                                                                                                                                                                                                      • API String ID: 0-3554254475
                                                                                                                                                                                                      • Opcode ID: 535afa386787a49ef1ff535e09c1c0eccfb080335bdeb792481ecdc1b535121f
                                                                                                                                                                                                      • Instruction ID: c8236fdc17dec6c67ff9c3d73f1559d86f3f8657d13a5e57cf590bcbfc987c99
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 535afa386787a49ef1ff535e09c1c0eccfb080335bdeb792481ecdc1b535121f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16618CB3F116254BF3904E64CC943A27293EB95321F2F81788E486B3D5E97F6D09A384
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,
                                                                                                                                                                                                      • API String ID: 0-3772416878
                                                                                                                                                                                                      • Opcode ID: 9f96025e850b76c536deab3bab78275a97e5f7e6f428620968f4e82f46589d61
                                                                                                                                                                                                      • Instruction ID: a09de08a48d5696be7d03a305b51d7ff391a8ae1ac5cae578beef20f28f75e63
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f96025e850b76c536deab3bab78275a97e5f7e6f428620968f4e82f46589d61
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF61D53261C7908BC7209A7D885529FBFD5ABD6324F294A3FD9E5D73D2E2348901C742
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: E
                                                                                                                                                                                                      • API String ID: 0-3568589458
                                                                                                                                                                                                      • Opcode ID: 49b3e4b81992e749b000a03249461b00867a400feaa85abc1cc8f519d6bc3656
                                                                                                                                                                                                      • Instruction ID: c784e5fa83fc26c0d19aa8d8763288b5f21e08ca346c1e8b8326d5f31a446651
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49b3e4b81992e749b000a03249461b00867a400feaa85abc1cc8f519d6bc3656
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9518DB3F115244BF7548D28CC583A27293DB95324F2F8278CA4DAB7D5E97EAC099384
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                                                                      • Opcode ID: b0a135f88c31bc7b5d7a9b27550871fc59cdc5cfc0feed87e5ccc656bae24ae1
                                                                                                                                                                                                      • Instruction ID: b323668b4935868884d0bfd42a1d9b045269be01ccab888d5a00415c307cfe37
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0a135f88c31bc7b5d7a9b27550871fc59cdc5cfc0feed87e5ccc656bae24ae1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF4122B1A053109BD718CF54CC56BBBBBA2FFD6354F088A1CE6955B3A0E3359984C782
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: AB@|
                                                                                                                                                                                                      • API String ID: 0-3627600888
                                                                                                                                                                                                      • Opcode ID: 0c5f8edfedebba1f4aec6fce6abc049c4b7a7a645f96bfb4377cff7d32c87825
                                                                                                                                                                                                      • Instruction ID: dd4859889c9d55f2d667f0c027f7ba306a366e7e9d964ed20d84e923f061b0d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c5f8edfedebba1f4aec6fce6abc049c4b7a7a645f96bfb4377cff7d32c87825
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8441D3711046928FDB268F39C8507B2BFF2BF97310B189698C4D29B696C738E855CB60
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                      • API String ID: 2994545307-2766056989
                                                                                                                                                                                                      • Opcode ID: b98977b0e64f1f211738b37704fae79af84a394b6e924754f1b75e635f312a6c
                                                                                                                                                                                                      • Instruction ID: ce7b672577b0f531308142090b0056511752dbc12fc1dec7201310b8d388729f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b98977b0e64f1f211738b37704fae79af84a394b6e924754f1b75e635f312a6c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 143101756083048BD714DF58D8C26BFBBF6EBC5324F18992CE69887390D3759888CB92
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 985f37ed499212a80d73439abfbdc1d991c92c210f034adb7e63737f8c71d321
                                                                                                                                                                                                      • Instruction ID: 856e099fac14ac7be0b470dc9618d55e9119373d4a491e767277bfe5c1a21a38
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 985f37ed499212a80d73439abfbdc1d991c92c210f034adb7e63737f8c71d321
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D962A4F1911B419FC3A1CF29C881B93BFEAAF89310F18591EE5AAD7311DB7065418F92
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                      • Instruction ID: 3c6b3266882d7d7702b3efa882bf54e40df63e250feb7fb275d2e52055ca8d40
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4422C032A087168BD735DF1CD8806ABB7E1FFC8315F19892FD98697385E734A8518B42
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 54a5d6e0e12e604a6d39106b6874304d4c45046fa4a745631e01921bcad35698
                                                                                                                                                                                                      • Instruction ID: 45cf9eda93f407d72f37a5ee02e85afbf5f02afda378c082a4136c43859377de
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54a5d6e0e12e604a6d39106b6874304d4c45046fa4a745631e01921bcad35698
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 941282E3F6095547F364483DCD493925983C7E5320F2EC6788B98ABBC9D8BE8C864384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6647885b57a99f8df2c1dc1be325f09b2b34217b589cfa93bb41a36658191d3e
                                                                                                                                                                                                      • Instruction ID: a92a2dfd52790dd15490d07e6fb3112a9d8d014aea9201d3a3fc683291e26763
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6647885b57a99f8df2c1dc1be325f09b2b34217b589cfa93bb41a36658191d3e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B0266F3F6151407F7680839CD683B5198397A6324F2F827D8B9E5B3C5E8BE4C4A4298
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a9285ebf2aac2983ee6660fa7eb2f6e5a7882c35b88b962f022bae69c21ac857
                                                                                                                                                                                                      • Instruction ID: 66eac2722aea01549003a7e67de49fc62da2a5bff978a3e6c80007b2afbf9dd6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9285ebf2aac2983ee6660fa7eb2f6e5a7882c35b88b962f022bae69c21ac857
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B029BB3F152244BF3484938CD593A676929BD5320F2B423C8F8DAB7C4D97E5D0A5388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3562c2fff1fdea28327d7fda8260cccc9073083defd9987a7c351c30f775eaa7
                                                                                                                                                                                                      • Instruction ID: 47507721a86418a3ff94282b7a3c6fdfdedea805112a054fc91b9f1a035aeb3f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3562c2fff1fdea28327d7fda8260cccc9073083defd9987a7c351c30f775eaa7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 370201F3E142204BF3485D38DD99376BA92EB94320F2B823D9B89A77C4E97D5C058385
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e67a5739f3a660e58f5b27ba08c5623152698451454c782e2ef2334ba18df564
                                                                                                                                                                                                      • Instruction ID: 1bbfe87800a3aaabe2295576c8278e66aeb2cd54aa1b4ee3cdaba490e63d0a54
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e67a5739f3a660e58f5b27ba08c5623152698451454c782e2ef2334ba18df564
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24F1DFF3F142148BF3445E39CC99366B692EB94310F2B463C9B89AB7C4D97E9D098385
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ad1cdbb45e77d2fa74e18d9eebbbbf989e0a11954d078df9cc331ee3f953463f
                                                                                                                                                                                                      • Instruction ID: f251e37781c10845c266fa15e2b263191aed996076a21f4f826041fcefc2771a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad1cdbb45e77d2fa74e18d9eebbbbf989e0a11954d078df9cc331ee3f953463f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10F1E0F3F142154BF3044D79DC587A6B692DBD5321F2B823C9B88A77C4D97E9C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8b284aa0b0641ceb360fed064fb84610a980a0f584b3bc6de36da33ec69ed563
                                                                                                                                                                                                      • Instruction ID: 139c7461f0f10dfe0cd1751a6f6e5181aedb18fa93ebfe479c600c916ba080b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b284aa0b0641ceb360fed064fb84610a980a0f584b3bc6de36da33ec69ed563
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BF1BFF3E106254BF3544D69DC983A2B693DB90324F2F823D8E89AB7C5E97E5D094384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: af4b7d6db9ba936cd3858d068582d947515df46c31b7e84650c1be83c4001018
                                                                                                                                                                                                      • Instruction ID: f2a0a1ab8bf64819027a35725d79ab25de0296a16661bc17a3aedc7565c30dbc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: af4b7d6db9ba936cd3858d068582d947515df46c31b7e84650c1be83c4001018
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37E1E0F3E142244BF3145E39DD84366B6929B94720F2B823D9E88AB7C4D97E5D0A82C5
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f62fd3bbab68e82150976a2d6b3e1318e61dc7e58d6f4185145c0d8a58709e2a
                                                                                                                                                                                                      • Instruction ID: d37dba4039e6e85c331d90dcc2534d56585680d9bb1c54dcc5371b2677d70231
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f62fd3bbab68e82150976a2d6b3e1318e61dc7e58d6f4185145c0d8a58709e2a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32E1DFF3E102214BF3544938DD983A67692DBA0324F2F823D9F89AB7C4E97E5D094384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6971c3da8872cc7d4dc711d55d5f73fa0ad19845d30cebff6987e4e9bd200ae3
                                                                                                                                                                                                      • Instruction ID: 9f16b0ede3e1aaf453794cd971670866f569cfb90f39734776d13d64268d2217
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6971c3da8872cc7d4dc711d55d5f73fa0ad19845d30cebff6987e4e9bd200ae3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93E1B0F3E042144BF3445E2DDC95366B6D2EB94720F2B863C9A899B7C8E97EAC054385
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 76bcc5b7456c073a85d2e84e11b13bbf45ee4f631c612a7d6f3c75df366681d0
                                                                                                                                                                                                      • Instruction ID: 25cde7befeb087cdb2cf00152f42e7d382b1aec82ce2ea3f36e66486249089d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76bcc5b7456c073a85d2e84e11b13bbf45ee4f631c612a7d6f3c75df366681d0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DD10EF3E156244BF3544A29DC94362B696ABE4720F2F423D9F8CA73C5E97E5C0982C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c0106862a0459caeefdda1ad40ac3f5dd3d165d2165228c42e45216fd960465c
                                                                                                                                                                                                      • Instruction ID: 2dc3e820f9aa30c6180101477aa8c2f40a6afe7d681324f8f70c24398b6853d3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0106862a0459caeefdda1ad40ac3f5dd3d165d2165228c42e45216fd960465c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15D157F3FA055506FB680839CD693B5198397E2324E2F823ECB9A5B7C5DCBE4C464258
Memory Dump Source
• Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d07e88f5c71a18d469184de794cfb862b3f8d500b988623e5cd1056c09772739
                                                                                                                                                                                                      • Instruction ID: 71a1be00d5461b256cfb6bcfbc10a2f6fbee3a88f28ca77ac1d4cb1a2e64aad5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d07e88f5c71a18d469184de794cfb862b3f8d500b988623e5cd1056c09772739
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0D19CB3F115254BF3584938CD683A226839BD5324F2F82788F5E6B7C5D97E5C0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 92ffe59824725fff952c05ec97e269139aef5cedb49fc5bb8133ecfa7c36ef04
                                                                                                                                                                                                      • Instruction ID: 3b1818a24ec19b70fd088faa796f3cb0b39bf1da9bf070be3766caa57169a878
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92ffe59824725fff952c05ec97e269139aef5cedb49fc5bb8133ecfa7c36ef04
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60C18CF3F116254BF3544978CC983A2A2829B95320F2F83788F6CAB7C5D87E9D0952C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c6cb09d1d45e10ce1b59bbbd901126a15bd37d2f7cb1870ffe64c68a07a45e94
                                                                                                                                                                                                      • Instruction ID: 0088695ca0a753c44b0734a089fb5ae076b7db2a6c64334e2a52f948538800b8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6cb09d1d45e10ce1b59bbbd901126a15bd37d2f7cb1870ffe64c68a07a45e94
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44C16AF3F5062547F3544879CD983A2658397E4324F2F82788E9CAB7C6E87E9C4A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a76d2f3fffa04f4d72a70d3b5d87a678367c4fc08b3bfbf844a6a6657ed137c7
                                                                                                                                                                                                      • Instruction ID: 52bbdaa840a42dcf9fd383de403551c772b47236da4143a0acc5918dee484ac2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a76d2f3fffa04f4d72a70d3b5d87a678367c4fc08b3bfbf844a6a6657ed137c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10C17BB3F1162447F3484939CDA83A26683DBD5324F2F82788F596B7C9DD7E6C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2744bad59a6139e70117483597c1d58f12e8d77793d8ca57138bb652544326e0
                                                                                                                                                                                                      • Instruction ID: 5fe24199688064814852543cb2fe5f59149f3c0610e6ed6ec41283360d060364
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2744bad59a6139e70117483597c1d58f12e8d77793d8ca57138bb652544326e0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8C19CF3F1062547F3544939CD983A265839BE5324F2F82788F9DAB7C5E87E9C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1211fb31a49a6e6686ee08e43a73211b562fff00f2cd0c1d79e74f611edb8a9d
                                                                                                                                                                                                      • Instruction ID: ecbc5e6f6cee1b189df12ff2bba1d57d131e6b92cc27964607f752f98ac4460a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1211fb31a49a6e6686ee08e43a73211b562fff00f2cd0c1d79e74f611edb8a9d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84C18DF3F516254BF3540868DD983926583D7E8324F2F82388F5DAB7C6D8BE9D0A5284
                                                                                                                                                                                                      • Instruction ID: 6855fc2bab13dad70d160ade404ba5be2725befda32f086e8ad4f831f1bbcd6f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e2db100315868795f74fc94fe6a2d2eadbda090f6082b9b7ba0136613f66fcd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01B1CCB3F5022547F3484978DD983A26682CB95314F2F82388F5DAB7C9DCBE9C095384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f8a151e09cb52d5fbb51d57d55eff48837f78b00bbd5de440f1b24f5dfe02250
                                                                                                                                                                                                      • Instruction ID: aa892af31138b5b58caef9588696c56944d2400f60c46f6c1fb49b08013792e7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8a151e09cb52d5fbb51d57d55eff48837f78b00bbd5de440f1b24f5dfe02250
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FB15BB3F1162547F3444938DD983A26583D795324F2F82388F5DAB7CADC7E9D0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 363f344d05f174c2fa0b81188ad3d738864f4e7f161e06a15fbe5a638b51a0a9
                                                                                                                                                                                                      • Instruction ID: 01aa0078dcb05bbb22c0bc6825ad3765fcc26930a526ac047678023da69d5694
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 363f344d05f174c2fa0b81188ad3d738864f4e7f161e06a15fbe5a638b51a0a9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10C1ACF3E1022547F3544969DC983A2A2839B95320F2F82798F6C6BBC5DD7E5D0A53C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0597c81abd1e48decd7bd010c474f9ebe83312d467981ce06b1e72d54d0e98f5
                                                                                                                                                                                                      • Instruction ID: 543ef7a922287f99d9be7fc0e182e4f5ec5458fa4d09cea808a3c2d2d65c9b02
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0597c81abd1e48decd7bd010c474f9ebe83312d467981ce06b1e72d54d0e98f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFB1F775514301AFD7289F25CC42B5ABBE2FFD8314F188A2DF4D8972A1DB7299448B42
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b4ad688f18afd5caeb845f4fccb822b1ae10df5bcd409a80193e886c44d9bb28
                                                                                                                                                                                                      • Instruction ID: 93f6fc0d64b7b16fce10fb0e51607db10ed0f1758671351ec6744f27f32e53eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4ad688f18afd5caeb845f4fccb822b1ae10df5bcd409a80193e886c44d9bb28
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66B177F7E215244BF3444938CD583A266839BE1324F2F82788F5D6B7CADC7E5D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a379764c4253b10dd93f8648cc98e0b4a7453a1dc5d715de9a249881b3cb1be3
                                                                                                                                                                                                      • Instruction ID: eee8d6076393d06f16e6b05e59607a7dd3638cd334a332cded146fc7f59568b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a379764c4253b10dd93f8648cc98e0b4a7453a1dc5d715de9a249881b3cb1be3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22B16CB3F2152507F3584829CC593A265839BE4324F2F81788F9DAB7C5DD7E5C465388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6784f6e6e1c4a5404d89cf1e5b94d30f576a50719214e3d6a9acf0f213015e8e
                                                                                                                                                                                                      • Instruction ID: f49063d0182253c00d10070d02da7da84c05488d25c3dbf4c744a330ed0a00e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6784f6e6e1c4a5404d89cf1e5b94d30f576a50719214e3d6a9acf0f213015e8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66C17CF7F1152547F3544928DC583A265839BE1324F2F82788F6C6B7CAD87E9D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 31537751a0e00c9e599bc18021aa8acff4679d2481b5a3c0373a11f037908512
                                                                                                                                                                                                      • Instruction ID: 84ff1f26c10bae0513eebd8b1041dd3803b22b3faed79142d6832ba062314045
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31537751a0e00c9e599bc18021aa8acff4679d2481b5a3c0373a11f037908512
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13B17CF3F115254BF3644939CD5936266839BE4324F2F82788F9DAB7C9D83E6C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cdce1c392e6ed0801b5a6c072c318b7e502cfe986acf634df1d45f773f9be19e
                                                                                                                                                                                                      • Instruction ID: af5fbbe8048cec5f5edcef6b592a49af3a316ada6253e293781bc5b8d6173b75
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdce1c392e6ed0801b5a6c072c318b7e502cfe986acf634df1d45f773f9be19e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8B17AB3F116214BF3444979CCA836266839BD5324F2F82788F5D6B7C9D87E5D0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6c06259bf476e7002f03a1d5a8cb780267d6c6cc6bc2edcad1d2905334d9a8d6
                                                                                                                                                                                                      • Instruction ID: 267af73bc4c979167ccbcf63d9f91a3091a5da4558e001ee5b77c1273f359b41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c06259bf476e7002f03a1d5a8cb780267d6c6cc6bc2edcad1d2905334d9a8d6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCB19CB3F1162147F3544939CC583A26683DBE5321F2F82788F5DAB7CAD97E5C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7174ce9648e10b21e80bfbed61f1733fbbc3dc88dd3b99019a156974dec29158
                                                                                                                                                                                                      • Instruction ID: b5aa90eda023742f1cb51c53c98a4b6b601f91148e7581ff551c90b1a687696f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7174ce9648e10b21e80bfbed61f1733fbbc3dc88dd3b99019a156974dec29158
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67B177B7F122254BF3904939CD983A266839BD5324F3F82788E5C6B7C5E87E5D0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c887de997596184214a14c7b4ee6103d532631caf0e719b576e5879c4f8a5cac
                                                                                                                                                                                                      • Instruction ID: 2491f755f0ef2c54dd953a4a8f28ed00f13c8a08d0ef302327b36fc46d149388
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c887de997596184214a14c7b4ee6103d532631caf0e719b576e5879c4f8a5cac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67B17DF3F116254BF3584929CC683A26683DBD5324F2F82788F4D6B7C5D93E6D0A5288
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0c74effc1641f1ce18337dec276947e0d3237f1ccb2a2019fe872bf947a07485
                                                                                                                                                                                                      • Instruction ID: 24eacceaa881cfb152cb36388db97b6610a53a54aeab1fb6fe2d2c3ad48b3a83
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c74effc1641f1ce18337dec276947e0d3237f1ccb2a2019fe872bf947a07485
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62B18DB3E216254BF3944928CD583A276839B94320F3F82788F5C6B7C5D97EAD0A53C4
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 402d05a06d3da348fd657a0313b1b9114a0dbfdd90218288a7bc0ea0f604e98c
                                                                                                                                                                                                      • Instruction ID: 44ced9b7cbd353ca464719131b1c3acba4c24fce897456a6135876ccbe3a4123
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 402d05a06d3da348fd657a0313b1b9114a0dbfdd90218288a7bc0ea0f604e98c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CB19EF3F1162547F3584C38CD983A26582DBA5324F2F82788F5CABBC5E87E9D095284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: bc3780bb431b6f6a052017ea39bd1242aca622a502b24dca3e48e218b02a25bd
                                                                                                                                                                                                      • Instruction ID: a13b6b6681a69491a259ad856f2eeed3cf38cb2f8804c4709ed5a0e696407696
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc3780bb431b6f6a052017ea39bd1242aca622a502b24dca3e48e218b02a25bd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9B179B3F115244BF3448929CC983A27683DBD5324F2F82788A9D9B7C5D97EAD0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: da27a374489f609aee41291074953dd3d0ab004d2884e6edfe46ae9aa760910c
                                                                                                                                                                                                      • Instruction ID: 83d08fc3041a375ebfd682c5429346ca40c4738370548782a9bf7192b728134d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: da27a374489f609aee41291074953dd3d0ab004d2884e6edfe46ae9aa760910c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79B15BF3F1162547F3544878CD983A2A68397A5324F2F42388F5CAB7C6E97E9D0952C8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 23b29c0b0208f1981d258220a00ee33ceac90d184e9a9d96a379135b05943f49
                                                                                                                                                                                                      • Instruction ID: 3a26671105ef6ee2bf1188b66fb67d00f9e711ff008774a797287db636b2c0f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23b29c0b0208f1981d258220a00ee33ceac90d184e9a9d96a379135b05943f49
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CB179F3F1062547F3544878CD993A265839B91324F2F82388F9DAB7C9EC7E9D0A1284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a2752b5dc6e0c4553f3592742c8f860c7bd75b6a69e13f2f0bcfa136787d1474
                                                                                                                                                                                                      • Instruction ID: cc5cfef54b7b82b22b2562bb83d52de7d8db2221feebef8ed5d64edc96d2773a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2752b5dc6e0c4553f3592742c8f860c7bd75b6a69e13f2f0bcfa136787d1474
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29B17AF3F1162447F3544929CC943A266839BE9324F2F82788F5C6B7C5D97E6D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                      • Instruction ID: 5f9f87f61e6a9e376cfd239a887bfa8894571531490a2398e07a35e33e6f4818
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19C14BB29087418FC370CF68DC967ABBBE1BB85318F48492ED1D9C6342E778A155CB06
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9cb46e3e751e9686efbb2125e691ea3fb7b2ebccefed3bc8901fa7263e39ade1
                                                                                                                                                                                                      • Instruction ID: fc8a64c826b8d02b1246d3d72716042579e214040100ebfa6fb3f3d5d1662f44
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cb46e3e751e9686efbb2125e691ea3fb7b2ebccefed3bc8901fa7263e39ade1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8A159B3E2152547F3544939CC583A26693ABD4324F2F82788F9DA7BC9DD3E5D0A1388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 16993352ac84d1a97747bac9138e0582b9881b84620898efe00dff7887990645
                                                                                                                                                                                                      • Instruction ID: 075574c2eb8d9e23565ca90ac2f309713b0efb86a11778bcbff27bd70dbdf2dc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16993352ac84d1a97747bac9138e0582b9881b84620898efe00dff7887990645
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43A18BF7F516250BF3544878CC9836265839BE1321F2F82788F5D6BBC9E87E5D0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8b07f16902e132e3630f2b5af4985928739d72c4e2eea542429af28fd78b1c23
                                                                                                                                                                                                      • Instruction ID: 14e6955500fdee7b77558b0e6749552d8019f46b12141ed3c84ed7f3ab612f6d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b07f16902e132e3630f2b5af4985928739d72c4e2eea542429af28fd78b1c23
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFA159F3F516254BF3544878DD9839265839BD4324F2F82788E6CAB7C5E8BE5D0A1284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c1322ac3ecb486409952dafbe191e2d3d0a1e114c65b2e6c39547cdc04636ddc
                                                                                                                                                                                                      • Instruction ID: d60d86f92e85cd816bb165d569189d2d258a2a46480d04dcb5627f81d52b1ef1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1322ac3ecb486409952dafbe191e2d3d0a1e114c65b2e6c39547cdc04636ddc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55A1A8B7F1112447F3984928CDA83A26243EB91324F2F82798F5E6B7C5DD7E9D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f40f7e47916fc7371d9ab5019f5f63d70f757d690b725cab8c90f21361c5a60d
                                                                                                                                                                                                      • Instruction ID: fa4561ccb96e9f15bbe63c38b4fa34fc335351723ff19c520de18395e50c2cb7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f40f7e47916fc7371d9ab5019f5f63d70f757d690b725cab8c90f21361c5a60d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DBA18DB3F1152447F3948939CD583A266839BD5320F2F82788F8CABBC5D97E5D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 81201b0ff3b9dfdc6308afddd6732b8045f1dee830e5a7e75abb049297ddcda5
                                                                                                                                                                                                      • Instruction ID: 6facf1e66fb783e93ef5b423d180950f0efae68d107697d6987cc17c6e87fff6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81201b0ff3b9dfdc6308afddd6732b8045f1dee830e5a7e75abb049297ddcda5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53A190F3F115254BF3504928DC983A27653DB95320F2F82788E5C6BBC9E93E9D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2f5dfe7ee522d7f109a558d418d0f831ec58d23e948b078586e8e8efdefc8787
                                                                                                                                                                                                      • Instruction ID: 472e77e9510f5b907da91730f584b72bfa89a2a5e3979743af0e162f14d40797
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f5dfe7ee522d7f109a558d418d0f831ec58d23e948b078586e8e8efdefc8787
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBA18DB3F2152547F3448D39CC983A27293EBD5324F2F81788A49AB7C5D93EAD0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 676f95eac65d0a7ef718a98a3bbeb9d7bc1efb4b6e81fe26c30f2dd53b015bc6
                                                                                                                                                                                                      • Instruction ID: a7c66f71359d5389d3f5c7daa83522b62b5d9f2d3daf333babad3c4fc9f012f6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 676f95eac65d0a7ef718a98a3bbeb9d7bc1efb4b6e81fe26c30f2dd53b015bc6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20A198B7F516254BF3404978DD983626683ABD5324F2F82788F186B7C9E97E6C0A4284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8916ecc67f90ba2661269e470a0f2ee396d7233383bf5b41b5e60b1413cac9aa
                                                                                                                                                                                                      • Instruction ID: 33e6ff4d832d0a3af23e6a471bbd57fb02919292e36cdb5f2d87a6977c8ec861
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8916ecc67f90ba2661269e470a0f2ee396d7233383bf5b41b5e60b1413cac9aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02A19AB3F116244BF3540D68CD543A2B6839BA5324F2F42788F9DAB3D1E97E6D0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d62ca005a2b36794018695dedef181aaa28b6ac3bccd44951e180898631aa88f
                                                                                                                                                                                                      • Instruction ID: 7d217b8aa9e1a4230e8e28b1bef91101b9b2d1b4302ec1e6ddd4a1fdbf76a473
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d62ca005a2b36794018695dedef181aaa28b6ac3bccd44951e180898631aa88f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25A19BB3F2052547F3144D38CDA83A27682DB95320F2F42788E59AB7D5D97EAD096384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e3fcf83566a196219f265af8697e1411f8cd8f472b83f5a13d18b06d92236f19
                                                                                                                                                                                                      • Instruction ID: bd129c111bb9bb15c28fe104ef16640e074bf14788c3cb26959db350d60556c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3fcf83566a196219f265af8697e1411f8cd8f472b83f5a13d18b06d92236f19
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50A17BB3E1162547F3544D38CC983A27683DBA5324F2F82788E986BBC5ED7E5D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 267389353aca3fdd1bafedabc9bc97e2fac749c9303b3123ecd16e9491f073d4
                                                                                                                                                                                                      • Instruction ID: 29cfcb9106fae2aefd9fb493766f5868868056e7cad79f23358c64882270d84d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 267389353aca3fdd1bafedabc9bc97e2fac749c9303b3123ecd16e9491f073d4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32A180F7F1162547F3944938DD983626683DBD4310F2F82388F58AB7C9E87E9D0A5284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d5116e90ee59b5d7f6c22d8c9676e589f6a5a91273d219bcca47a7cddaf99ec1
                                                                                                                                                                                                      • Instruction ID: 053f0c72a97a32f494aa36c4b90adb2d29dc9908f6f9d6050f1eda764ee5558a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5116e90ee59b5d7f6c22d8c9676e589f6a5a91273d219bcca47a7cddaf99ec1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03A15BF3F1152547F3544D29CC98362A6939BE5310F2F82788F1C6BBC9EA3E9D0A5284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 286fc027f00f4ef3ca563a3ed59d1a2ad4a23cac536675e05d9d15e7befffe02
                                                                                                                                                                                                      • Instruction ID: ba20e081f849d450391bd0d0d123675ec24291f615e4aa326322dd91a514d77e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 286fc027f00f4ef3ca563a3ed59d1a2ad4a23cac536675e05d9d15e7befffe02
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DA17EB3F115254BF3448939CD683A22683D7D5324F2F82788B996BBC9DC3E6D0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 243e04a9a54c7e4eed2f20fc67f916e5d6bf9f79f5f3b52abcbe7c9ebe831e12
                                                                                                                                                                                                      • Instruction ID: 7c8730f88af8d4130ebe2314eaf4fb561a5022208a9994c6da7e3e2df30b9575
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 243e04a9a54c7e4eed2f20fc67f916e5d6bf9f79f5f3b52abcbe7c9ebe831e12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDA16CB3F502254BF3584D69CCA83A27283DB95310F2E827C8E499B7D5D8BEAD095384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 30800f7627aa1808221ecf7a7954540b2b978bbd65e8d27165317a774baa5e5f
                                                                                                                                                                                                      • Instruction ID: bdbabce64643f41f258d68c3239f942ab1e4e7ecdc7931988d8d57608ef8c820
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30800f7627aa1808221ecf7a7954540b2b978bbd65e8d27165317a774baa5e5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFA137B3F112244BF3544D25CC943A27293AB95324F2F82788E5C6B7C5E97F6D4A6384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 754692b621aca5548a6f5d5b24b1b3df019ee01f38898839301d22e207dd96eb
                                                                                                                                                                                                      • Instruction ID: 7d37754c7a94b34dc8eb0698cde2bbdcaefdaa2dea89920f6ecc1f74296b3469
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 754692b621aca5548a6f5d5b24b1b3df019ee01f38898839301d22e207dd96eb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96A1ACB3F106254BF3584D78CD983A26A83EB94310F2F82788F49AB7C5DC7E5D095284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0a591d805ffd157338f50a3d45379bb4fd727136352e85ee52b29a5b4be4d2f9
                                                                                                                                                                                                      • Instruction ID: e8928837cd0df30c7ccddd8ce23a8bef5eddfe8057c7f6fba49f0f930a4cb1ea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a591d805ffd157338f50a3d45379bb4fd727136352e85ee52b29a5b4be4d2f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0A1BCB3F1162547F3444969CD88362B6839BD5324F2F82388F5CAB7C9D97EAD0A52C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 91b57008a92576170e933964f4765fccae0bc4169b475d9f83e4e16fb986a996
                                                                                                                                                                                                      • Instruction ID: 1cc04f7a4a0c6011463f636383fdfef3fcfcbeb07b82adb4f5a2009384b4ada3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91b57008a92576170e933964f4765fccae0bc4169b475d9f83e4e16fb986a996
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92A1C1B3F512244BF3544D68DC983A27683DB95320F2F82788E5CAB7C5D87E9D4A6384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 953e72dbd4320b3e4c4174706442edb33726af5e350db18ab2de91d15c50d687
                                                                                                                                                                                                      • Instruction ID: 6dd948bf18b712e5c30d94b6d261dbb00cdf909f69110daf486daefe8fa98260
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 953e72dbd4320b3e4c4174706442edb33726af5e350db18ab2de91d15c50d687
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0917AF7F115254BF3444938CD983A266839BD5324F2F8278CE4CAB7C5E97EAD0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6317e7f00906ea66dea6e4ceb84a56ca72e509dd01896b10c4bc948b34425752
                                                                                                                                                                                                      • Instruction ID: 14deece6cf4df789a8ae09cd741428fdba1dc125ebe620ff3ff7513b801347c9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6317e7f00906ea66dea6e4ceb84a56ca72e509dd01896b10c4bc948b34425752
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58A19BB3F102254BF3544938CD583A27693EB85324F2F82788E996B7C5D97EAD0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c3b16eefd11ce9304ccd780109111637b52006d72d991632950ff6a60b7bec83
                                                                                                                                                                                                      • Instruction ID: 0f8cdf7e224b7f673d7eecc03e77184cb8c31a4f54fe2d733fe408f44e074aa5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3b16eefd11ce9304ccd780109111637b52006d72d991632950ff6a60b7bec83
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08A1ADB3F106254BF3544D78CD583A27683DB95310F2F82788F49AB7C9D97EAD095284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 127aefe1e4a3f93af4829386ab01b0347f2fbb11a279c1b7d7e59134544d0920
                                                                                                                                                                                                      • Instruction ID: a8e15cb0dde96d928ae53ec5310adf14a21f7bc4f374866c39323a234d665fa8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 127aefe1e4a3f93af4829386ab01b0347f2fbb11a279c1b7d7e59134544d0920
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61919BB3F1062547F3548D69DC983A26683DBD4320F2F82788E8D6B7C5E97E5D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: aa128d5a989ff159c3d6305a1154d62f905ce2662d2d7f9b59b4d5b13d6ea0c7
                                                                                                                                                                                                      • Instruction ID: 4079fe5de4bcaa88182e94b6bd00646e302be758ead565cb040ce84bc7571b9e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa128d5a989ff159c3d6305a1154d62f905ce2662d2d7f9b59b4d5b13d6ea0c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AA1ADF3F1122547F3484939CD683A22683DBD5314F2F82788B5A9BBD9DC7E5D0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f9077e2a901b4b0d920f15fb187bc48e079fa44519d65bc7aaf92b33e748e399
                                                                                                                                                                                                      • Instruction ID: 589d243db28a69036f0e9145342268ff929c082adb3a10e1940d0da8a63771c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9077e2a901b4b0d920f15fb187bc48e079fa44519d65bc7aaf92b33e748e399
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D39189F7F1122547F3844928DD983A26643DB95310F2F82788E4C6BBC9ED7E9D0A6384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c18c4ba3bfa1c488da71d51fecba8138d6703452f45c937c3f20a6cee0d5e501
                                                                                                                                                                                                      • Instruction ID: 183d3e3e572d5193b1276a5279d1fac6a5ece454aa6a80642851113ff524d280
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c18c4ba3bfa1c488da71d51fecba8138d6703452f45c937c3f20a6cee0d5e501
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F9167F3F21A2547F3944938CD983A265839BD1315F2F82788F4D6BBCAD97E5C0A1284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c3fd64b275450c1d03277eead3578925fbfdbb56c0e3c197eb6a8d1f6716ed86
                                                                                                                                                                                                      • Instruction ID: 41a6d3d5d5ef5ea9e515d85bf3371c5e0c47e964fda2d74d4137592549ce1390
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3fd64b275450c1d03277eead3578925fbfdbb56c0e3c197eb6a8d1f6716ed86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1918BB3F1062447F3444D68CC983A17652DB95324F2F42388F5C6B3C6D97EAD0AA384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f29ccdf45686a5b4e85f9023165d635266ea39b188064e21a9b5829da7cdfae7
                                                                                                                                                                                                      • Instruction ID: 97081cec35b70615934a74c40d6e7a1eb4126ba864ef036704bc7db313f975a6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f29ccdf45686a5b4e85f9023165d635266ea39b188064e21a9b5829da7cdfae7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84915EB3F116244BF3504929DC983A27693DB95324F2F42788E4CAB7C5E97FAD0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6d75394e7d0a43410557a91da01cbb23083e33351061b8709935a07dfc5098b4
                                                                                                                                                                                                      • Instruction ID: 0af41fec6c5325a38fcb0c1d44364c77d1e95c0316bef36d056d97d618574e6e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d75394e7d0a43410557a91da01cbb23083e33351061b8709935a07dfc5098b4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F69169F3F6152547F3584929CC583A261839BE4324F2F867C4F9DAB7C5E87E9C0A5284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5d218f92c92ac90ccef527c266b71fa48d7c8eb177bbfa06446a07cbb7399c2c
                                                                                                                                                                                                      • Instruction ID: 2a19f8900faeaef4b2520a2dd4164917da486c3d22bcd5848aedd36574651b2c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d218f92c92ac90ccef527c266b71fa48d7c8eb177bbfa06446a07cbb7399c2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E39128F3F1162447F3444D28CD983526693D7D5324F2F82788B8CAB7D9E97E9D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e7e3ed6539138f9424fe7526453c2e0646b73f4b97d4a0c90f876adba11f69e0
                                                                                                                                                                                                      • Instruction ID: 8aa82fff881dc8a7db56dffbd72f04abe3141b19c51c2e519c96c776ced41f2b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7e3ed6539138f9424fe7526453c2e0646b73f4b97d4a0c90f876adba11f69e0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3891AAB7F111258BF3444E29CC643A27693EBC5324F2F82788A4D6B7D5D93E6C0A9384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 52cc0a9c468cf7d146d92aaaa2ca8c5a4833a6460ec0e4ee34a1e960da35f0b9
                                                                                                                                                                                                      • Instruction ID: 68aa417b4d4e38888e37308a681604a5362e0459dc77217e44bcd6152d7e57cb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52cc0a9c468cf7d146d92aaaa2ca8c5a4833a6460ec0e4ee34a1e960da35f0b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C981C7B350C604EFD7056E28DC867BABBE9EF84724F16493DD6C5C3740EA3598418687
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cab6feb710412ecd7220a06cf8ac1bc8edbb62e45821b6115b717c9f69c8d478
                                                                                                                                                                                                      • Instruction ID: 866fbf3ebca3944042c7b89c6dc0e44d0cef37a00040c3ee05f0a7fd09ed94c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cab6feb710412ecd7220a06cf8ac1bc8edbb62e45821b6115b717c9f69c8d478
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64918AB7F115254BF3904D24CC983A27693ABD4324F2F81788E4D6B7C9D97EAD0A9384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 600229f6f5eb676db5d924164e0e46a0489dc1acdb057aba53a12435ed6c1499
                                                                                                                                                                                                      • Instruction ID: 59996ed2b6cd15c0ca5af58040b905c9dea23347ff526a4b39d2b6088b33d4c0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 600229f6f5eb676db5d924164e0e46a0489dc1acdb057aba53a12435ed6c1499
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0918CB3F1122547F3544928CD583A26683DBE5324F2F82788F5DAB7C6D97E6C0A52C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 76857e552ed8fa48d4b52b8850b7c83d070798f52a092307c8f8c04967ee792c
                                                                                                                                                                                                      • Instruction ID: 61e06a6424df80821eedcbf24e61657b50c4be810bf479cbcf15351eec612bfc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76857e552ed8fa48d4b52b8850b7c83d070798f52a092307c8f8c04967ee792c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A917AB3F5062447F3544D29DC943A27293DBA5324F2F82788E8C6B7C5E97EAC0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7e0a4dcb7292de9e7a1dc6d9fc935dbcfa8e74f1307261c3cdb6d5e118079d69
                                                                                                                                                                                                      • Instruction ID: 05fcdbaf8af446eff1e46501d801935db05762cd9e0420dbccb8f89b9098ede6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e0a4dcb7292de9e7a1dc6d9fc935dbcfa8e74f1307261c3cdb6d5e118079d69
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C89192F3F107244BF3444D69DC943A27282DB99714F2E81789F49AB3D5D9BEAC099388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e50b3a1da18c7266a2b32aa285b5ad299987078d9a2d1639db7495ac558e1665
                                                                                                                                                                                                      • Instruction ID: d9885cecb737f0309d5b7e20ca469ba5c55edb2373f5f501fe17c34ff1685fe2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e50b3a1da18c7266a2b32aa285b5ad299987078d9a2d1639db7495ac558e1665
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 239158F3E0122587F3544E69CC54362B2939B91324F2F82788E5CAB7C5E97EAC1653C8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f3b3235e23e98154da741cc3dcd25bd62bc963803ba3be0dba6ef457fbe07ab4
                                                                                                                                                                                                      • Instruction ID: 17c1bf9d35ed93b86f7b272b1b329745de01a2a62a3b535fbdf49017ed9897ec
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3b3235e23e98154da741cc3dcd25bd62bc963803ba3be0dba6ef457fbe07ab4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E91B0F7F5162547F3444968CCA83A26682DBD5310F2F817C8F49AB7C6E87E9D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c9e3f59cdc503507a57c4d5e2359c1f5703dee73c42b2666da201bfaeb5c84bf
                                                                                                                                                                                                      • Instruction ID: aaf740aaac498e6cbbc1e95a2c19b3dceef0637664c753f766ee6173a4628f5b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9e3f59cdc503507a57c4d5e2359c1f5703dee73c42b2666da201bfaeb5c84bf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4191AFB3F015254BF3544D79CC543A26293DBD5310F3F82788A4D6BBC9E97E6C4A6284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 94bf2466c0f08bbf7018bec760f54d2dde7d91b00d55dfa6943aa6dee07b3412
                                                                                                                                                                                                      • Instruction ID: 4db736c8aab1d83722baf2726c26b07d9f5ec4f249d659efb48f914a2ed7f009
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94bf2466c0f08bbf7018bec760f54d2dde7d91b00d55dfa6943aa6dee07b3412
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D09166B3F116254BF3944879CC583A266839BD4324F2F82788F5DAB7C5ED7E4D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 47a12b6abf75a3a3be69277ef2ff7be839d9b56ac1fde1c419434bc7079c3249
                                                                                                                                                                                                      • Instruction ID: b2939b34b8da23d0c2282a8c23b85b61c0b50a421e480df0cdab855283cd3f06
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47a12b6abf75a3a3be69277ef2ff7be839d9b56ac1fde1c419434bc7079c3249
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 129179F3F116254BF3544928CC943A266839BD5320F2F82788B5DAB3C5E97EAD1A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d2b3519ac113f83be43d1155ab8444acac429785667319b74f0647bd12669f7d
                                                                                                                                                                                                      • Instruction ID: 133c7efb1bb3affa110214111fcd561f11fb6419edd3b6ce5f69af3a490572fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2b3519ac113f83be43d1155ab8444acac429785667319b74f0647bd12669f7d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6916BF7F1162647F3544838CD6836262839BA5324F2F82388F4D6BBC5E97E9D0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f5d3d226193ca13d0c56a14cbb6745dc91f120fd5c105895ce978f61eab3aad8
                                                                                                                                                                                                      • Instruction ID: 1dab55b27bf966769bf16c877c32f19996e0b05588f556e8257c48130fd368ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5d3d226193ca13d0c56a14cbb6745dc91f120fd5c105895ce978f61eab3aad8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58818CB3F1062547F3584D29CC583A2A683EBD5314F2F82788F49AB7C9E97E5C0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: bbc94ef8428821fb07ddde912a31cda15d89078cde2df43ae4c4faff998f3648
                                                                                                                                                                                                      • Instruction ID: 36e54dbed0619ba4f3fbcc7d2689cb35812fa7588f904a3275f36233a7cdc1cd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbc94ef8428821fb07ddde912a31cda15d89078cde2df43ae4c4faff998f3648
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0918AB3F116244BF3544D28CD983A26683EBD5324F2F82788F5D6B7C9D97E6C0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 15ee16852c7f295f9eefaeaf3e025d48c6a5c8878ec4eeb95e69aa53bf176a74
                                                                                                                                                                                                      • Instruction ID: f47582f93e5f027dfc9ddb7e7cbbf8f4dcab4581d588f27b0c2b189b862534b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15ee16852c7f295f9eefaeaf3e025d48c6a5c8878ec4eeb95e69aa53bf176a74
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF81DDB3F1162547F3144D29CC583A27283EBD5324F2F82788B596B7C9E97EAD0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9d73addba99e77995e23f442b97030117b379d9780f0812647b437cfa44f0e80
                                                                                                                                                                                                      • Instruction ID: e8eeaba08c5d6a8630b429380a855b7b4485bd70b8e169d2b0bdd108f6b9db5b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d73addba99e77995e23f442b97030117b379d9780f0812647b437cfa44f0e80
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62818DF7E111258BF3504D68CC983A27292DB95320F2F82788F5C6B7C5D97E6D0A9388
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d34a27e4321cbdea3823d3b59b121822b9e7c663c08e0891e5d6b5413d486dc1
                                                                                                                                                                                                      • Instruction ID: 034ff75287f73f587a6e199481819c670d8ba8bf924370adddebff75c902ad36
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d34a27e4321cbdea3823d3b59b121822b9e7c663c08e0891e5d6b5413d486dc1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46817DB3F105244BF3584928CC653A27282DBA5310F2F817C8F9EAB7D5D97E9D4A6384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 57bcb1212125df115a8bf93901155dca9faa06acf2a5ed3dd1548d9d3437704b
                                                                                                                                                                                                      • Instruction ID: 38853d19db331dc2cdcf37c895374ff0db177d67620ca8f6577d14108a8577f4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57bcb1212125df115a8bf93901155dca9faa06acf2a5ed3dd1548d9d3437704b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE8149B3E116254BF3444879CD983626683EBE4320F3F82788E5CAB7C5D97E5C0A5384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7928ae82cf9d08ae7f0ad3179d3694ff59a8d7ba5d25e3568d69ac96f2831b87
                                                                                                                                                                                                      • Instruction ID: 4c47741964144d90d920069e6e9c95e6d41148a21567c21627afafc124774088
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7928ae82cf9d08ae7f0ad3179d3694ff59a8d7ba5d25e3568d69ac96f2831b87
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1181AEF3F1062547F3844938DC983A22583DBD9324F2F42788F58AB7D6D87E5D0A6244
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c82a4d80eb7adae51d2bb5e0bc2377297599be8ee8202a0792801746ed1a968a
                                                                                                                                                                                                      • Instruction ID: 37487b46722a4c7f5090e2c11961d605a64788fcf329fe6394e31735f89dde25
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c82a4d80eb7adae51d2bb5e0bc2377297599be8ee8202a0792801746ed1a968a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1819DB3F012254BF3440D29CD983A27693ABD5314F2F81788A4D6B7D9ED7E6C0A9384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5252c523a1b2fd166e3ff7673e79b1aa0cdc0ffca8dcf9b694a2780b947cd09d
                                                                                                                                                                                                      • Instruction ID: 121f8eb65b9ab326a1d98998ae1c62c6c5683c8606f78c2e4df133dec993eedb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5252c523a1b2fd166e3ff7673e79b1aa0cdc0ffca8dcf9b694a2780b947cd09d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB813AF3E0152447F3504929CC5839272939BE5324F2F82788E5C6B7D9E93EAD0A53C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2402ac77f59c491c917354cfd947eab23680a4a3469076bb47139cc3f08abf8e
                                                                                                                                                                                                      • Instruction ID: d1aeb68ab849ec2c0173654c295c8e94f0a5b4b72e6dc5f6388490cb9c2cafdf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2402ac77f59c491c917354cfd947eab23680a4a3469076bb47139cc3f08abf8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE817FB3E102354BF3644E29CC98362B692DB95320F2F82788E8C677D5D97E6D1953C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2c1fcaae827db422914f3f243e22ce3089b5d2a949e0a26bba2df62885676558
                                                                                                                                                                                                      • Instruction ID: ba042c2a0e93318078ae2b4180ab23e0bf1d0a2333e090ce4c916263dceefae2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c1fcaae827db422914f3f243e22ce3089b5d2a949e0a26bba2df62885676558
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1818AB3F112244BF3444938CCA93A27683DB85724F2F81798B19AB7D5DD7EAD0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 38c00d99df8f4a9d1fec0d51719f42b560b2c6d8116595ba58ad11b839d4f699
                                                                                                                                                                                                      • Instruction ID: c62603c3dc95d00d43f54e549d8d184aef3c5aa92eac273d23bdb169b419b7f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38c00d99df8f4a9d1fec0d51719f42b560b2c6d8116595ba58ad11b839d4f699
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8717CB3F2152447F3844939CD583A2658397D5324F2F82B88F5CAB7C6D97EAC0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d91069b274b1dc2ddbde39b14589a9b8d2c0d633ab5165600a6164f521fba521
                                                                                                                                                                                                      • Instruction ID: d43551ec05e9283820e4e39b41b2a6b828e607bc0b841d49fb3bf457b92650ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d91069b274b1dc2ddbde39b14589a9b8d2c0d633ab5165600a6164f521fba521
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 078169B3F2162547F3540928CD683A27683DB95324F2F82788F9DAB3C5E9BE5D095384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b74cd07bbfea427bea3ae05b8fc7bed9b16663638e41e918f19df167981cd5f0
                                                                                                                                                                                                      • Instruction ID: 6e756f1b56ccbcb47613bf2d1dc71e4784b4b99504e4c24d907f5d851c64161f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b74cd07bbfea427bea3ae05b8fc7bed9b16663638e41e918f19df167981cd5f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 678189B7F112254BF3844968DC983A27683EBD4320F2F42388F1D6B7C5E97E9D0A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 75edfbe36e645590b082659f2a19852e9eff6ce079c89e817dbfd9cb8f91d49c
                                                                                                                                                                                                      • Instruction ID: f564946efd9e2b1c2f0e51a83e67168da14fdae7e495fe05a1e70550c1988b2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75edfbe36e645590b082659f2a19852e9eff6ce079c89e817dbfd9cb8f91d49c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1816BF7F006248BF3444928DCA83627292DBA5324F2F82788F5D6B7D6E97E5C095384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3d4ef47fe49073ee2f80b2675abcac1ab7811ddc8dd06d1ae2d884baf49a317f
                                                                                                                                                                                                      • Instruction ID: 6b0527d1752131976422732a43c4c344e513105d870777dee6e24bd8598986c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d4ef47fe49073ee2f80b2675abcac1ab7811ddc8dd06d1ae2d884baf49a317f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D8166B3F112240BF3944D39CC6836276829B94320F2F82788E8DAB7C5D97E6D0A53C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b65a84e3c172181c18629499ec11756c33742e782f8ec60a93d224ca5ba4814f
                                                                                                                                                                                                      • Instruction ID: 2e497df855bc1c0e7cc6995bff2866be8ac9fbb0f81e83c7ea1ab073a9125b8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b65a84e3c172181c18629499ec11756c33742e782f8ec60a93d224ca5ba4814f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B2715BB3F105244BF3544D68CCA83A17652DBA6315F2F827C8E0AAB7D5D93E6D099288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6e10a823e050066461169184fdb477605c7b25af0d5a4f25541d9de35aef1383
                                                                                                                                                                                                      • Instruction ID: 19527488d7a6d1062e0bf6118c3fea085abbeef1447743985137f2953ed47648
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e10a823e050066461169184fdb477605c7b25af0d5a4f25541d9de35aef1383
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B717BF3F5162547F3404928CC583A27693DB95320F2F82788E4DAB7C5E97EAD1A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 53f34d87588c8bd750e0484a66272c4c2511d991462f2212b54edcb74b0def22
                                                                                                                                                                                                      • Instruction ID: 31e8e9b09e79a56d00ba94a6182d1c55eda74d08228c30bdf9a18c3798c471ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53f34d87588c8bd750e0484a66272c4c2511d991462f2212b54edcb74b0def22
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF718CB3F6122547F3500E29DC983A27293DB95320F2F41788E4C6B7C5EA7E6D4A6384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
• String ID:
• API String ID:
• Opcode ID: 8143b683d1776f73e3fb036d6714174b0e0c3c99757859faacafa5051bbb7d96
• Instruction ID: 397d441e0f55c6f5dacb2d70548f92076d25ee62f48914dccd2bc3bfab5fe7cf
• Opcode Fuzzy Hash: 8143b683d1776f73e3fb036d6714174b0e0c3c99757859faacafa5051bbb7d96
• Instruction Fuzzy Hash: 81716DF7F5162547F3544829DC5836225838BE1324F3F82788F5DABBC6E87E9D0A5288
Memory Dump Source
• Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
• Associated: 00000000.00000002.2184424099.00000000005D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184442851.0000000000615000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184493026.0000000000623000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.000000000088A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008B7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a49a08fe982941715c2e4b94e5f72b77c5b391cc78b5d846220ac31f58a77d7c
                                                                                                                                                                                                      • Instruction ID: 0c1d58ddbe082479b51cdea30b0ec9ad9d122879a3856491adcb83dca47dc7d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a49a08fe982941715c2e4b94e5f72b77c5b391cc78b5d846220ac31f58a77d7c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E715DB3F1022547F3644D38CD593A26682DB95320F2F83788F9D6BBC9D97E5D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c38fe8e8d2176b3bbb2d5a8ae61374cd004ec0a6ad11fe63217eb4703365fa1d
                                                                                                                                                                                                      • Instruction ID: f768eff236339deae1e70c35486c8f48bb93db9b2da86aca8eebabdb2494d4bc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c38fe8e8d2176b3bbb2d5a8ae61374cd004ec0a6ad11fe63217eb4703365fa1d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4571AEF3F5162447F3584929DC983A225839BD5324F2F82788E9D6B7C6EC7E5D0A1380
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2905bfe84513c0af52bfc04dd424b272be820a336b760a0b5520fcd4d62317a7
                                                                                                                                                                                                      • Instruction ID: 0837632eb5c284f17d0163dc42186017c02669237140d3103cfb72b87af39a8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2905bfe84513c0af52bfc04dd424b272be820a336b760a0b5520fcd4d62317a7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E47178F3F1162547F3544828CD693A666839BE1324F2F82798B4DAB7C9DC7E9C0A5284
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b6d03855f7c5f31f038f3f4d5bc8230a63c98beb3d06a5f7e63c79375ad8a7d7
                                                                                                                                                                                                      • Instruction ID: e6447bf7063374f6b5413805221b91d3e8df846d89bcebac1566491a44ac9359
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6d03855f7c5f31f038f3f4d5bc8230a63c98beb3d06a5f7e63c79375ad8a7d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 717149B3E106254BF3644E29CC983A17692DB94320F2F42788F8D6B7C5E97E5D0993C4
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6ceef513a4a9efb5ae183ee980877dab98cd2f9825358d47914a829186726e0a
                                                                                                                                                                                                      • Instruction ID: 55b862f45a9685788fd67b3c7ea3bc22b4b96a04769774d6d43c80263f56d386
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ceef513a4a9efb5ae183ee980877dab98cd2f9825358d47914a829186726e0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F717AB3E1122547F3940D28CD983917683DBE4320F2F82388E9DA73C5E9BEAD065384
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: aff885bdf9072d70bb6d7f84675bf04ab8467a137ec8e412ceb3c83329fe1e75
                                                                                                                                                                                                      • Instruction ID: b17c9dea0c935d6b04a7026f903d34989104b8679a7ec9137d1a4f2d7cc1050c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aff885bdf9072d70bb6d7f84675bf04ab8467a137ec8e412ceb3c83329fe1e75
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87719AF3F516254BF3544968CD993A22683DBA4314F2F82788E4DAB7C5E87FAC095384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cdd0d12358ab0d976b4e6f8741361df2706b1d30beabd10664d72caabf255680
                                                                                                                                                                                                      • Instruction ID: d38e62aa28eb12670b45f7b13dd796fd6583d038237322502ee0c1940af4bfad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdd0d12358ab0d976b4e6f8741361df2706b1d30beabd10664d72caabf255680
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71718EF3F2152447F3944929CC583A22193DBD5310F2E82788F4DAB7C9D97EAD0A6388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0e74211ad09deda8cf4f9eb41535b07871458218ef8d51adb27bd9175e1d2eb5
                                                                                                                                                                                                      • Instruction ID: 8b618e8384b36ee9a6994f4b601d7dca91b8b04d268c4cf4c4625e084274908f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e74211ad09deda8cf4f9eb41535b07871458218ef8d51adb27bd9175e1d2eb5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D615AB7F1262547F3504969CC983A2A683DBD5324F2F82788F886B7CAD97E5C065384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: cf5a85f573dc73a6a30f82b52dce95eaa81d02fa61aef05cbb17ed399a94f356
                                                                                                                                                                                                      • Instruction ID: 7f415fab040b11538c98ff1200540b39a4f966a52689816fbaef1da0c51df670
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf5a85f573dc73a6a30f82b52dce95eaa81d02fa61aef05cbb17ed399a94f356
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB618AB3F1222547F3484E28CD943A672839BD5321F2F82788E5D5B7C8DD7E6C4A5284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b22437d4f9c7dd9c91b1bb46c2f5e119f73af397821af1542a688a37ff9bcca9
                                                                                                                                                                                                      • Instruction ID: 896718f7dc25785d2119d85ea101e461fcc64ddf9fd15e35a6d29ddcebdfe45f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b22437d4f9c7dd9c91b1bb46c2f5e119f73af397821af1542a688a37ff9bcca9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4615BF7F2162547F3844D24CC993A27253EBA5310F2E85788F496B3C5E93EAD195388
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.00000000007AA000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184509639.00000000008C5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184781611.00000000008C6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184914607.0000000000A5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000000.00000002.2184930731.0000000000A60000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e3fde3bfc306f6a1be907ba76692c75b72a5c4fe9948d33616f8d5abd7d96f37
                                                                                                                                                                                                      • Instruction ID: a6c3e62c725e4683bc02056c25396e26a68265b9b22228f688974703fc8cdc7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3fde3bfc306f6a1be907ba76692c75b72a5c4fe9948d33616f8d5abd7d96f37
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F05159F7E1162647F3984C24CD943626643D7A1324F2F82788F9D6B7C5DD3E9D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a65160a5ab36a9f0b6020a5860d95b60e8a6717f462651408485d9510f67df69
                                                                                                                                                                                                      • Instruction ID: 4025a3d11ed1f44991ef259be615e4d4b4ce6450c6c6699f7e0e5bdc86943fa8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a65160a5ab36a9f0b6020a5860d95b60e8a6717f462651408485d9510f67df69
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7451BDF3F116244BF3884929CDA83726583DBD9310F2F82388B4DAB7D5D87E5D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 481c96c21769f1ce7741c392cb60724cad06d90c9e78bb7a1ad51ac17654d96e
                                                                                                                                                                                                      • Instruction ID: 44c5683acf92529ed0e7d94efefb5d4ec41878fd36ac8cf137f7621145cd8516
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 481c96c21769f1ce7741c392cb60724cad06d90c9e78bb7a1ad51ac17654d96e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B41E5327487514BD72CCF3888A12BBFBD39BD9310F1D883ED482C7696D524E9068781
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 03d4260e7efa05fad045f92d83c6e1a6be225afbaba651e8e107bdc081d73c88
                                                                                                                                                                                                      • Instruction ID: 4479d47b41710d1d6ae6cc5f424813324b7ed037171b25373faa439ffab3e60f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03d4260e7efa05fad045f92d83c6e1a6be225afbaba651e8e107bdc081d73c88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B051BFF3F106244BF3540D69CC943A2B643DB99314F2F81788F496B7D5D97E6C096288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: bab87334ecfd36d756eff548afb4108117560e5ef246301f8d2da5fdc9280080
                                                                                                                                                                                                      • Instruction ID: 15dd68204aca8e323580f6d769dd67882b7d066f76825669edfa802b1b9942a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bab87334ecfd36d756eff548afb4108117560e5ef246301f8d2da5fdc9280080
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D4178B3F111294BF3444E39CC583A27293ABD5310F2F82388E595B7C5D97EAD499284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 507d0ffbfa3964359b65e51bde83b1f16189cfadd8f481a8f39d2b8f2106f044
                                                                                                                                                                                                      • Instruction ID: dae0bbabb1f8faeff1b712abc170ccf2944e202cb85de38fab0844b77446f6a3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 507d0ffbfa3964359b65e51bde83b1f16189cfadd8f481a8f39d2b8f2106f044
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3441AFB3F515254BF3444E28CC683A26283EBD5320F2F82788A599B7C5D97EAD0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ba22e1fee59a23af697581fdcf1b2c069a7f7315ac1382eb774daf6867add1fd
                                                                                                                                                                                                      • Instruction ID: 0918781fd3166b02bf6f121d2b09fc1c92a797bf6f5a73f111360430b0b60658
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba22e1fee59a23af697581fdcf1b2c069a7f7315ac1382eb774daf6867add1fd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C416DF3F115254BF3448D29CC543A2B293ABD5314F2F81788E4DAB7D0E97EAC4A9284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 45e577062e2f4534cd585b0e0c6d332d33af456d57a0bcafdf2d474b25ddc779
                                                                                                                                                                                                      • Instruction ID: c49a8ff3dc4ba4dd1a2a0c5fde12d8b2465e36fb78304b665587ab45fe0f9d47
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45e577062e2f4534cd585b0e0c6d332d33af456d57a0bcafdf2d474b25ddc779
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 538115B450E3848FC374DF15A5986DBBBE2AF89308F18991ED4884B360CBB05589DF96
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 35e9f6c2c68a69388edab7b39794fbc97742a6e7a4e49d622b721c0dfa5a4eda
                                                                                                                                                                                                      • Instruction ID: 821204bb978cbd2a99fc94e2122da54d54ec8a8f520c4aa2f7ca773d0f654d8f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35e9f6c2c68a69388edab7b39794fbc97742a6e7a4e49d622b721c0dfa5a4eda
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0317CB3E1153547F3584A68CC24366B292ABD9320F2F82B88E5E7B7D5ED3E6C0542C4
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6dc34ef8eb16658bcf496d664a4f5b42b0df7301b13b9b8c952117a26f2bd6ca
                                                                                                                                                                                                      • Instruction ID: 04cc67115435889ecc9b589a9058cee6d167673c7a757aa6e460888846faf5e0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6dc34ef8eb16658bcf496d664a4f5b42b0df7301b13b9b8c952117a26f2bd6ca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A31D1B3F215258BF3404929CC583926643DBD4310F3F85388A4CAB7C5ED7EAD165384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • Opcode ID: 484f35503fcb8d26a3de2473ac5ce61b47eb6fd31251d18ef6e6dc09a69c666f
                                                                                                                                                                                                      • Instruction ID: 9ae32d02d49f67f9853d0ae318c03e40f47198033a0eee62d8064fe473b36daa
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 484f35503fcb8d26a3de2473ac5ce61b47eb6fd31251d18ef6e6dc09a69c666f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA317CB3F51A264BF3500928DCA53A266439BA5320F2F81799F4D6B3D6D87E5C0A5384
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                      • Instruction ID: 6ec16881e064516dc37521d862bea27c3ec366b0870a251e24f1bad4b6d5ab18
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B331F472A487044BC71D9D7D4C9026BBA93ABC5374F29C73EEAB68B3C1DA748C418242
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • Opcode ID: 0ec2a97409cfe0ad407f74b22b9379dbbe6ac4bf1c935832c6d3033b603204f2
                                                                                                                                                                                                      • Instruction ID: 656bf8fa10d9b13cd6829cd42b1df76da9fa5c58bee5012cbd8ad5c47341aec5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ec2a97409cfe0ad407f74b22b9379dbbe6ac4bf1c935832c6d3033b603204f2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A62104B3F6262547F3944839CD593A2A14397D1324F2F82348F6CABBC9DC7E9D0A1284
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • Opcode ID: fe8dfd65aeb0ae4f4b3eb52e71bf4fac197c9af9b47f543951be8ce02211abd4
                                                                                                                                                                                                      • Instruction ID: b96429bb4dc02630d5be989dc67437111c585d02f527be55822786df5ee9dde1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe8dfd65aeb0ae4f4b3eb52e71bf4fac197c9af9b47f543951be8ce02211abd4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E219AA3F2152107F7580878CE6936665839BD4324F2F82798F9E6B7C5D87D5C0902C8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • Opcode ID: f08bd553621c68b161ca4a01d22bcc1395de2dcf67bc16ca6001dcb0817d2db9
                                                                                                                                                                                                      • Instruction ID: a4014bc34ef169d447f49bd22902042847995cc47cfa74861e6cc2bd23e5596b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f08bd553621c68b161ca4a01d22bcc1395de2dcf67bc16ca6001dcb0817d2db9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 182136F3F516204BF3944879CC9836225828795361F2F8378CF2CABBC9D87E5D0A5288
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_5d0000_ghumRvJGY9.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184442851.00000000005D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2184509639.0000000000625000.00000040.00000001.01000000.00000003.sdmp, Offset: 005D0000, based on PE: true